The Samba-Bugzilla – Attachment 5412 Details for
Bug 7169
acl group control = yes fails after upgrading from samba 3.2.8 to 3.4.5
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
This is a debug-run from the user being able to change security for folder test2
smb.log.acl-group-control.470.can-change (text/plain), 922.89 KB, created by
Erik Sørnes
on 2010-02-23 02:32:05 UTC
(
hide
)
Description:
This is a debug-run from the user being able to change security for folder test2
Filename:
MIME Type:
Creator:
Erik Sørnes
Created:
2010-02-23 02:32:05 UTC
Size:
922.89 KB
patch
obsolete
>Maximum core file size limits now 16777216(soft) -1(hard) >get_current_groups: user is in 2 groups: 0, 104 >smbd version 3.4.5 started. >Copyright Andrew Tridgell and the Samba Team 1992-2009 >uid=0 gid=0 euid=0 egid=0 >Build environment: > Built by: root@erso-desktop > Built on: Wed Feb 17 17:09:47 CET 2010 > Built using: gcc > Build host: Linux erso-desktop 2.6.27.42-0.1-default #1 SMP 2010-01-06 16:07:25 +0100 x86_64 x86_64 x86_64 GNU/Linux > SRCDIR: /root/git/samba-3.4.5/source3 > BUILDDIR: /root/git/samba-3.4.5/source3 > >Paths: > SBINDIR: /samba-3.4.5/sbin > BINDIR: /samba-3.4.5/bin > SWATDIR: /samba-3.4.5/swat > CONFIGFILE: ../lib/smb.conf > LOGFILEBASE: /samba-3.4.5/var > LMHOSTSFILE: /samba-3.4.5/lib/lmhosts > LIBDIR: /samba-3.4.5/lib > MODULESDIR: /samba-3.4.5/lib > SHLIBEXT: so > LOCKDIR: /samba-3.4.5/var/locks > STATEDIR: /samba-3.4.5/var/locks > CACHEDIR: /samba-3.4.5/var/locks > PIDDIR: /samba-3.4.5/var/locks > SMB_PASSWD_FILE: /samba-3.4.5/private/smbpasswd > PRIVATE_DIR: /samba-3.4.5/private > > System Headers: > HAVE_SYS_ACL_H > HAVE_SYS_CDEFS_H > HAVE_SYS_EPOLL_H > HAVE_SYS_FCNTL_H > HAVE_SYS_INOTIFY_H > HAVE_SYS_IOCTL_H > HAVE_SYS_IPC_H > HAVE_SYS_MMAN_H > HAVE_SYS_MOUNT_H > HAVE_SYS_PARAM_H > HAVE_SYS_PRCTL_H > HAVE_SYS_QUOTA_H > HAVE_SYS_RESOURCE_H > HAVE_SYS_SELECT_H > HAVE_SYS_SHM_H > HAVE_SYS_SOCKET_H > HAVE_SYS_STATFS_H > HAVE_SYS_STATVFS_H > HAVE_SYS_STAT_H > HAVE_SYS_SYSCALL_H > HAVE_SYS_SYSCTL_H > HAVE_SYS_SYSLOG_H > HAVE_SYS_SYSMACROS_H > HAVE_SYS_TIME_H > HAVE_SYS_TYPES_H > HAVE_SYS_UIO_H > HAVE_SYS_UNISTD_H > HAVE_SYS_UN_H > HAVE_SYS_VFS_H > HAVE_SYS_WAIT_H > HAVE_SYS_XATTR_H > > Headers: > HAVE_ACL_LIBACL_H > HAVE_AIO_H > HAVE_ALLOCA_H > HAVE_ARPA_INET_H > HAVE_ASM_TYPES_H > HAVE_ASM_UNISTD_H > HAVE_ATTR_XATTR_H > HAVE_CRYPT_H > HAVE_CTYPE_H > HAVE_DIRENT_H > HAVE_DLFCN_H > HAVE_EXECINFO_H > HAVE_FCNTL_H > HAVE_FLOAT_H > HAVE_FNMATCH_H > HAVE_GLOB_H > HAVE_GRP_H > HAVE_GSSAPI_GSSAPI_GENERIC_H > HAVE_GSSAPI_GSSAPI_H > HAVE_GSSAPI_H > HAVE_IFADDRS_H > HAVE_KEYUTILS_H > HAVE_KRB5_H > HAVE_KRB5_LOCATE_PLUGIN_H > HAVE_LANGINFO_H > HAVE_LASTLOG_H > HAVE_LBER_H > HAVE_LDAP_H > HAVE_LIBINTL_H > HAVE_LIMITS_H > HAVE_LINUX_DQBLK_XFS_H > HAVE_LINUX_INOTIFY_H > HAVE_LOCALE_H > HAVE_MEMORY_H > HAVE_MNTENT_H > HAVE_NETDB_H > HAVE_NETINET_IN_H > HAVE_NETINET_IN_SYSTM_H > HAVE_NETINET_IP_H > HAVE_NETINET_TCP_H > HAVE_NET_IF_H > HAVE_NSS_H > HAVE_PTHREAD_H > HAVE_PWD_H > HAVE_RPCSVC_NIS_H > HAVE_RPCSVC_YPCLNT_H > HAVE_RPCSVC_YP_PROT_H > HAVE_RPC_RPC_H > HAVE_SETJMP_H > HAVE_SHADOW_H > HAVE_STDARG_H > HAVE_STDBOOL_H > HAVE_STDINT_H > HAVE_STDIO_H > HAVE_STDLIB_H > HAVE_STRINGS_H > HAVE_STRING_H > HAVE_STROPTS_H > HAVE_SYSCALL_H > HAVE_SYSLOG_H > HAVE_TERMIOS_H > HAVE_TERMIO_H > HAVE_TIME_H > HAVE_UNISTD_H > HAVE_UTIME_H > HAVE_ZLIB_H > > UTMP Options: > HAVE_GETUTMPX > HAVE_UTMPX_H > HAVE_UTMP_H > HAVE_UT_UT_ADDR > HAVE_UT_UT_ADDR_V6 > HAVE_UT_UT_EXIT > HAVE_UT_UT_HOST > HAVE_UT_UT_ID > HAVE_UT_UT_NAME > HAVE_UT_UT_PID > HAVE_UT_UT_TIME > HAVE_UT_UT_TYPE > HAVE_UT_UT_USER > PUTUTLINE_RETURNS_UTMP > WITH_UTMP > > HAVE_* Defines: > HAVE_ADDRTYPE_IN_KRB5_ADDRESS > HAVE_AP_OPTS_USE_SUBKEY > HAVE_ASPRINTF > HAVE_ATEXIT > HAVE_BACKTRACE_SYMBOLS > HAVE_BER_SCANF > HAVE_BER_SOCKBUF_ADD_IO > HAVE_BOOL > HAVE_BZERO > HAVE_C99_VSNPRINTF > HAVE_CHMOD > HAVE_CHOWN > HAVE_CHROOT > HAVE_COMPARISON_FN_T > HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS > HAVE_CONNECT > HAVE_CREAT64 > HAVE_CRYPT > HAVE_DECL_ASPRINTF > HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE > HAVE_DECL_RL_EVENT_HOOK > HAVE_DECL_SNPRINTF > HAVE_DECL_VASPRINTF > HAVE_DECL_VSNPRINTF > HAVE_DEVICE_MAJOR_FN > HAVE_DEVICE_MINOR_FN > HAVE_DGETTEXT > HAVE_DIRENT_D_OFF > HAVE_DIRFD > HAVE_DIRFD_DECL > HAVE_DLCLOSE > HAVE_DLERROR > HAVE_DLOPEN > HAVE_DLSYM > HAVE_DUP2 > HAVE_ENDMNTENT > HAVE_ENDNETGRENT > HAVE_ENVIRON_DECL > HAVE_EPOLL > HAVE_EPOLL_CREATE > HAVE_ERRNO_DECL > HAVE_EXECL > HAVE_EXPLICIT_LARGEFILE_SUPPORT > HAVE_FCHMOD > HAVE_FCHOWN > HAVE_FCNTL_LOCK > HAVE_FCVT > HAVE_FDATASYNC > HAVE_FGETXATTR > HAVE_FLISTXATTR > HAVE_FOPEN64 > HAVE_FREEADDRINFO > HAVE_FREEIFADDRS > HAVE_FREMOVEXATTR > HAVE_FRSIZE > HAVE_FSEEKO64 > HAVE_FSETXATTR > HAVE_FSID_INT > HAVE_FSTAT64 > HAVE_FSYNC > HAVE_FTELLO64 > HAVE_FTRUNCATE > HAVE_FTRUNCATE64 > HAVE_FTRUNCATE_EXTEND > HAVE_FUNCTION_MACRO > HAVE_GAI_STRERROR > HAVE_GETADDRINFO > HAVE_GETCWD > HAVE_GETDIRENTRIES > HAVE_GETGRENT > HAVE_GETGRENT_R > HAVE_GETGRENT_R_DECL > HAVE_GETGRGID_R > HAVE_GETGRNAM > HAVE_GETGRNAM_R > HAVE_GETGROUPLIST > HAVE_GETHOSTBYNAME > HAVE_GETIFADDRS > HAVE_GETMNTENT > HAVE_GETNAMEINFO > HAVE_GETNETGRENT > HAVE_GETPAGESIZE > HAVE_GETPGRP > HAVE_GETPWENT_R > HAVE_GETPWENT_R_DECL > HAVE_GETPWNAM_R > HAVE_GETPWUID_R > HAVE_GETRLIMIT > HAVE_GETSPNAM > HAVE_GETTEXT > HAVE_GETTIMEOFDAY_TZ > HAVE_GETXATTR > HAVE_GLOB > HAVE_GRANTPT > HAVE_GSSAPI > HAVE_GSS_DISPLAY_STATUS > HAVE_HSTRERROR > HAVE_ICONV > HAVE_IFACE_GETIFADDRS > HAVE_IF_NAMETOINDEX > HAVE_IMMEDIATE_STRUCTURES > HAVE_INET_ATON > HAVE_INET_NTOA > HAVE_INET_NTOP > HAVE_INET_PTON > HAVE_INITGROUPS > HAVE_INITIALIZE_KRB5_ERROR_TABLE > HAVE_INNETGR > HAVE_INOTIFY > HAVE_INOTIFY_INIT > HAVE_IPV6 > HAVE_ISATTY > HAVE_KERNEL_CHANGE_NOTIFY > HAVE_KERNEL_OPLOCKS_LINUX > HAVE_KERNEL_SHARE_MODES > HAVE_KRB5 > HAVE_KRB5_AUTH_CON_SETUSERUSERKEY > HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE > HAVE_KRB5_C_ENCTYPE_COMPARE > HAVE_KRB5_C_VERIFY_CHECKSUM > HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER > HAVE_KRB5_ENCRYPT_BLOCK > HAVE_KRB5_ENCRYPT_DATA > HAVE_KRB5_ENCTYPE_TO_STRING > HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG > HAVE_KRB5_FREE_DATA_CONTENTS > HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS > HAVE_KRB5_FREE_UNPARSED_NAME > HAVE_KRB5_FWD_TGT_CREDS > HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC > HAVE_KRB5_GET_INIT_CREDS_OPT_FREE > HAVE_KRB5_GET_PERMITTED_ENCTYPES > HAVE_KRB5_GET_RENEWED_CREDS > HAVE_KRB5_KEYBLOCK_IN_CREDS > HAVE_KRB5_KEYTAB_ENTRY_KEY > HAVE_KRB5_KEYUSAGE_APP_DATA_CKSUM > HAVE_KRB5_KT_FREE_ENTRY > HAVE_KRB5_LOCATE_KDC > HAVE_KRB5_MK_REQ_EXTENDED > HAVE_KRB5_PRINCIPAL2SALT > HAVE_KRB5_PRINC_COMPONENT > HAVE_KRB5_PRINC_REALM > HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES > HAVE_KRB5_SET_DEFAULT_TGS_KTYPES > HAVE_KRB5_SET_REAL_TIME > HAVE_KRB5_STRING_TO_KEY > HAVE_KRB5_TKT_ENC_PART2 > HAVE_KRB5_USE_ENCTYPE > HAVE_KRB5_VERIFY_CHECKSUM > HAVE_KV5M_KEYTAB > HAVE_LBER_LOG_PRINT_FN > HAVE_LCHOWN > HAVE_LDAP > HAVE_LDAP_ADD_RESULT_ENTRY > HAVE_LDAP_INIT > HAVE_LDAP_INITIALIZE > HAVE_LDAP_SASL_WRAPPING > HAVE_LDAP_SET_REBIND_PROC > HAVE_LGETXATTR > HAVE_LIBCOM_ERR > HAVE_LIBGSSAPI_KRB5 > HAVE_LIBK5CRYPTO > HAVE_LIBKRB5 > HAVE_LIBLBER > HAVE_LIBLDAP > HAVE_LIBRESOLV > HAVE_LIBZ > HAVE_LINK > HAVE_LINUX_READAHEAD > HAVE_LINUX_SPLICE > HAVE_LINUX_XFS_QUOTAS > HAVE_LISTXATTR > HAVE_LLISTXATTR > HAVE_LLSEEK > HAVE_LONGLONG > HAVE_LONG_LONG > HAVE_LREMOVEXATTR > HAVE_LSEEK64 > HAVE_LSETXATTR > HAVE_LSTAT > HAVE_LSTAT64 > HAVE_MAGIC_IN_KRB5_ADDRESS > HAVE_MAKEDEV > HAVE_MEMALIGN > HAVE_MEMCPY > HAVE_MEMMOVE > HAVE_MEMSET > HAVE_MKDIR_MODE > HAVE_MKDTEMP > HAVE_MKNOD > HAVE_MKTIME > HAVE_MLOCK > HAVE_MLOCKALL > HAVE_MMAP > HAVE_MSGHDR_MSG_CONTROL > HAVE_MUNLOCK > HAVE_MUNLOCKALL > HAVE_NANOSLEEP > HAVE_NATIVE_ICONV > HAVE_NL_LANGINFO > HAVE_NO_AIO > HAVE_OPEN64 > HAVE_PATHCONF > HAVE_PEERCRED > HAVE_PIPE > HAVE_POLL > HAVE_POSIX_ACLS > HAVE_POSIX_FADVISE > HAVE_POSIX_MEMALIGN > HAVE_PRCTL > HAVE_PREAD > HAVE_PREAD64 > HAVE_PRINTF > HAVE_PTHREAD > HAVE_PUTUTLINE > HAVE_PUTUTXLINE > HAVE_PWRITE > HAVE_PWRITE64 > HAVE_QUOTACTL_LINUX > HAVE_RAND > HAVE_RANDOM > HAVE_READAHEAD_DECL > HAVE_READDIR64 > HAVE_READLINK > HAVE_REALPATH > HAVE_REMOVEXATTR > HAVE_RENAME > HAVE_SA_FAMILY_T > HAVE_SECURE_MKSTEMP > HAVE_SELECT > HAVE_SENDFILE64 > HAVE_SETBUFFER > HAVE_SETEGID > HAVE_SETENV > HAVE_SETENV_DECL > HAVE_SETEUID > HAVE_SETGROUPS > HAVE_SETLINEBUF > HAVE_SETLOCALE > HAVE_SETMNTENT > HAVE_SETNETGRENT > HAVE_SETPGID > HAVE_SETRESGID > HAVE_SETRESGID_DECL > HAVE_SETRESUID > HAVE_SETRESUID_DECL > HAVE_SETSID > HAVE_SETXATTR > HAVE_SHMGET > HAVE_SHORT_KRB5_MK_ERROR_INTERFACE > HAVE_SIGACTION > HAVE_SIGBLOCK > HAVE_SIGPROCMASK > HAVE_SIGSET > HAVE_SIG_ATOMIC_T_TYPE > HAVE_SNPRINTF > HAVE_SOCKETPAIR > HAVE_SOCKLEN_T > HAVE_SPLICE_DECL > HAVE_SRAND > HAVE_SRANDOM > HAVE_SS_FAMILY > HAVE_STAT64 > HAVE_STATVFS_F_FLAG > HAVE_STAT_HIRES_TIMESTAMPS > HAVE_STAT_ST_BLKSIZE > HAVE_STAT_ST_BLOCKS > HAVE_STRCASECMP > HAVE_STRCASESTR > HAVE_STRCHR > HAVE_STRDUP > HAVE_STRERROR > HAVE_STRFTIME > HAVE_STRNDUP > HAVE_STRNLEN > HAVE_STRPBRK > HAVE_STRSIGNAL > HAVE_STRTOK_R > HAVE_STRTOL > HAVE_STRTOLL > HAVE_STRTOQ > HAVE_STRTOULL > HAVE_STRTOUQ > HAVE_STRUCT_ADDRINFO > HAVE_STRUCT_DIRENT64 > HAVE_STRUCT_FLOCK64 > HAVE_STRUCT_IFADDRS > HAVE_STRUCT_SIGEVENT > HAVE_STRUCT_SIGEVENT_SIGEV_VALUE_SIVAL_PTR > HAVE_STRUCT_SOCKADDR > HAVE_STRUCT_SOCKADDR_IN6 > HAVE_STRUCT_SOCKADDR_STORAGE > HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC > HAVE_STRUCT_STAT_ST_RDEV > HAVE_STRUCT_TIMESPEC > HAVE_ST_RDEV > HAVE_SYMLINK > HAVE_SYSCONF > HAVE_SYSLOG > HAVE_SYS_QUOTAS > HAVE_TICKET_POINTER_IN_KRB5_AP_REQ > HAVE_TIMEGM > HAVE_UNIXSOCKET > HAVE_UNSETENV > HAVE_UPDWTMP > HAVE_UPDWTMPX > HAVE_USLEEP > HAVE_UTIMBUF > HAVE_UTIME > HAVE_UTIMES > HAVE_VASPRINTF > HAVE_VA_COPY > HAVE_VOLATILE > HAVE_VSNPRINTF > HAVE_VSYSLOG > HAVE_WAITPID > HAVE_WRFILE_KEYTAB > HAVE_XFS_QUOTAS > HAVE_YP_GET_DEFAULT_DOMAIN > HAVE_ZLIBVERSION > HAVE__Bool > HAVE__ET_LIST > HAVE__VA_ARGS__MACRO > HAVE___CLOSE > HAVE___DUP2 > HAVE___FCNTL > HAVE___FORK > HAVE___FSTAT > HAVE___FXSTAT > HAVE___LSEEK > HAVE___LSTAT > HAVE___LXSTAT > HAVE___NR_INOTIFY_INIT_DECL > HAVE___OPEN > HAVE___OPEN64 > HAVE___PREAD64 > HAVE___PWRITE64 > HAVE___READ > HAVE___STAT > HAVE___WRITE > HAVE___XSTAT > > --with Options: > WITH_ADS > WITH_CIFSMOUNT > WITH_CIFSUPCALL > WITH_QUOTAS > WITH_SENDFILE > WITH_UTMP > WITH_WINBIND > > Build Options: > COMPILER_SUPPORTS_LL > CONFIG_H_IS_FROM_SAMBA > DEFAULT_DISPLAY_CHARSET > DEFAULT_DOS_CHARSET > DEFAULT_UNIX_CHARSET > KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT > KRB5_TICKET_HAS_KEYINFO > KRB5_VERIFY_CHECKSUM_ARGS > LDAP_SET_REBIND_PROC_ARGS > LIBREPLACE_NETWORK_CHECKS > LINUX > LINUX_SENDFILE_API > PACKAGE_BUGREPORT > PACKAGE_NAME > PACKAGE_STRING > PACKAGE_TARNAME > PACKAGE_VERSION > REALPATH_TAKES_NULL > REPLACE_GETPASS > RETSIGTYPE > SEEKDIR_RETURNS_VOID > SHLIBEXT > SIZEOF_CHAR > SIZEOF_DEV_T > SIZEOF_INO_T > SIZEOF_INT > SIZEOF_LONG_LONG > SIZEOF_OFF_T > SIZEOF_SHORT > SIZEOF_SIZE_T > SIZEOF_SSIZE_T > SIZEOF_TIME_T > SIZEOF_VOID_P > STAT_STATVFS64 > STAT_ST_BLOCKSIZE > STDC_HEADERS > STRING_STATIC_MODULES > SYSCONF_SC_NGROUPS_MAX > SYSCONF_SC_NPROCESSORS_ONLN > SYSCONF_SC_PAGESIZE > SYSLOG_FACILITY > TIME_WITH_SYS_TIME > USE_SETREUID > WITH_ADS > WITH_CIFSMOUNT > WITH_CIFSUPCALL > WITH_QUOTAS > WITH_SENDFILE > WITH_WINBIND > _FILE_OFFSET_BITS > _GNU_SOURCE > _LARGEFILE64_SOURCE > _POSIX_C_SOURCE > _POSIX_SOURCE > auth_script_init > charset_CP437_init > charset_CP850_init > offset_t > static_decl_auth > static_decl_charset > static_decl_gpext > static_decl_idmap > static_decl_nss_info > static_decl_pdb > static_decl_perfcount > static_decl_rpc > static_decl_vfs > static_init_auth > static_init_charset > static_init_gpext > static_init_idmap > static_init_nss_info > static_init_pdb > static_init_perfcount > static_init_rpc > static_init_vfs > uint_t > vfs_acl_tdb_init > vfs_acl_xattr_init > vfs_audit_init > vfs_cap_init > vfs_default_quota_init > vfs_dirsort_init > vfs_expand_msdfs_init > vfs_extd_audit_init > vfs_fake_perms_init > vfs_fileid_init > vfs_full_audit_init > vfs_netatalk_init > vfs_preopen_init > vfs_readahead_init > vfs_readonly_init > vfs_recycle_init > vfs_shadow_copy2_init > vfs_shadow_copy_init > vfs_smb_traffic_analyzer_init > vfs_streams_depot_init > vfs_streams_xattr_init > vfs_syncops_init > vfs_xattr_tdb_init > >Type sizes: > sizeof(char): 1 > sizeof(int): 4 > sizeof(long): 8 > sizeof(long long): 8 > sizeof(uint8): 1 > sizeof(uint16): 2 > sizeof(uint32): 4 > sizeof(short): 2 > sizeof(void*): 8 > sizeof(size_t): 8 > sizeof(off_t): 8 > sizeof(ino_t): 8 > sizeof(dev_t): 8 > >Builtin modules: > pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr idmap_ldap idmap_tdb idmap_passdb idmap_nss nss_info_template auth_sam auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin auth_netlogond vfs_default vfs_posixacl >lp_load_ex: refreshing parameters >Initialising global parameters >rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) >params.c:pm_process() - Processing configuration file "../lib/smb.conf" >Processing section "[global]" >doing parameter server string = Samba fra erso >doing parameter passdb backend = tdbsam:/samba-3.4.5/private/passdb.tdb >doing parameter comment = testsone >doing parameter workgroup = testgroup >doing parameter security = server >doing parameter log level = 10 >doing parameter max log size = 0 >doing parameter debug hires timestamp = yes >doing parameter debug pid = yes >doing parameter printcap name = /etc/printcap >doing parameter disable spoolss = yes >doing parameter map to guest = Bad User >doing parameter usershare allow guests = No >doing parameter netbios name = testpc >handle_netbios_name: set global_myname to: TESTPC >doing parameter wins support = No >pm_process() returned Yes >lp_servicenumber: couldn't find homes >set_server_role: role = ROLE_STANDALONE >Attempting to register new charset UCS-2LE >Registered charset UCS-2LE >Attempting to register new charset UTF-16LE >Registered charset UTF-16LE >Attempting to register new charset UCS-2BE >Registered charset UCS-2BE >Attempting to register new charset UTF-16BE >Registered charset UTF-16BE >Attempting to register new charset UTF8 >Registered charset UTF8 >Attempting to register new charset UTF-8 >Registered charset UTF-8 >Attempting to register new charset ASCII >Registered charset ASCII >Attempting to register new charset 646 >Registered charset 646 >Attempting to register new charset ISO-8859-1 >Registered charset ISO-8859-1 >Attempting to register new charset UCS2-HEX >Registered charset UCS2-HEX >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >lp_load_ex: refreshing parameters >Initialising global parameters >rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) >params.c:pm_process() - Processing configuration file "../lib/smb.conf" >Processing section "[global]" >doing parameter server string = Samba fra erso >doing parameter passdb backend = tdbsam:/samba-3.4.5/private/passdb.tdb >doing parameter comment = testsone >doing parameter workgroup = testgroup >doing parameter security = server >doing parameter log level = 10 >doing parameter max log size = 0 >doing parameter debug hires timestamp = yes >doing parameter debug pid = yes >doing parameter printcap name = /etc/printcap >doing parameter disable spoolss = yes >doing parameter map to guest = Bad User >doing parameter usershare allow guests = No >doing parameter netbios name = testpc >handle_netbios_name: set global_myname to: TESTPC >doing parameter wins support = No >Processing section "[test$]" >add_a_service: Creating snum = 0 for test$ >hash_a_service: creating servicehash >hash_a_service: hashing index 0 for service name test$ >doing parameter comment = testshare >doing parameter path = /testshare >doing parameter acl group control = yes >doing parameter writable = yes >doing parameter browsable = yes >doing parameter force directory security mode = 2777 >pm_process() returned Yes >lp_servicenumber: couldn't find homes >add_a_service: Creating snum = 1 for IPC$ >hash_a_service: hashing index 1 for service name IPC$ >adding IPC service >set_server_role: role = ROLE_STANDALONE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >lp_servicenumber: couldn't find printers >reloading printcap cache >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >reload status: ok >lp_servicenumber: couldn't find printers >lp_servicenumber: couldn't find printers >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >added interface vmnet8 ip=192.168.221.1 bcast=192.168.221.255 netmask=255.255.255.0 >added interface vmnet1 ip=192.168.244.1 bcast=192.168.244.255 netmask=255.255.255.0 >added interface br0 ip=10.225.5.232 bcast=10.225.7.255 netmask=255.255.248.0 >Netbios name list:- >my_netbios_names[0]="TESTPC" >loaded services >fcntl_lock 8 6 0 1 1 >fcntl_lock: Lock call successful >Attempting to register passdb backend ldapsam >Successfully added passdb backend 'ldapsam' >Attempting to register passdb backend ldapsam_compat >Successfully added passdb backend 'ldapsam_compat' >Attempting to register passdb backend NDS_ldapsam >Successfully added passdb backend 'NDS_ldapsam' >Attempting to register passdb backend NDS_ldapsam_compat >Successfully added passdb backend 'NDS_ldapsam_compat' >Attempting to register passdb backend smbpasswd >Successfully added passdb backend 'smbpasswd' >Attempting to register passdb backend tdbsam >Successfully added passdb backend 'tdbsam' >Attempting to register passdb backend wbc_sam >Successfully added passdb backend 'wbc_sam' >Attempting to find a passdb backend to match tdbsam:/samba-3.4.5/private/passdb.tdb (tdbsam) >Found pdb backend tdbsam >pdb backend tdbsam:/samba-3.4.5/private/passdb.tdb has a valid init >Opening cache file at /samba-3.4.5/var/locks/gencache.tdb >namecache_enable: enabling netbios namecache, timeout 660 seconds >reghook_cache_init: new tree with default ops 0x7fb623ff9000 for key [] >regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >specific: [Samba Printer Port], len: 2 >regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >specific: [DefaultSpoolDirectory], len: 70 >regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >specific: [DisplayName], len: 20 >specific: [ErrorControl], len: 4 >regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >specific: [DisplayName], len: 20 >specific: [ErrorControl], len: 4 >reghook_cache_add: Adding ops 0x7fb623ff92a0 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff92a0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff92a0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff9300 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff9100 for key [/HKLM/SOFTWARE/Samba/smbconf] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff9360 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff93c0 for key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff9420 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff9480 for key [/HKPT] >pathtree_add: Enter >pathtree_add: Successfully added node [HKPT] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff94e0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree >pathtree_add: Exit >reghook_cache_add: Adding ops 0x7fb623ff9540 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] >pathtree_add: Enter >pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree >pathtree_add: Exit >Cache entry with key = IDMAP/UID2SID/0 couldn't be found >uid_to_sid: winbind failed to find a sid for uid 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >tdbsam_open: successfully opened /samba-3.4.5/private/passdb.tdb >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: uid 0 -> sid S-1-5-21-783145419-1966905550-2589541370-1000 >Cache entry with key = IDMAP/GID2SID/0 couldn't be found >gid_to_sid: winbind failed to find a sid for gid 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: gid 0 -> sid S-1-22-2-0 >Create local NT token for S-1-5-21-783145419-1966905550-2589541370-1000 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >winbind failed to find a gid for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >winbind failed to find a gid for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-1000] >get_privileges_for_sids: sid = S-1-5-32-544 >Privilege set: >SE_PRIV 0xff0 0x0 0x0 0x0 >get_privileges_for_sids: sid = S-1-1-0 >Privilege set: >SE_PRIV 0x0 0x0 0x0 0x0 >get_privileges: No privileges assigned to SID [S-1-5-2] >get_privileges: No privileges assigned to SID [S-1-5-11] >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (1) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (3) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (3) >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Spooler] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Spooler] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Security] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [NETLOGON] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [NETLOGON] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Security] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [RemoteRegistry] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [RemoteRegistry] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Security] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [WINS] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >regdb_close: decrementing refcount (2) >regkey_open_onelevel: name = [HKLM] >regdb_open: incrementing refcount (2) >reghook_cache_find: Searching for keyname [/HKLM] >pathtree_find: Enter [/HKLM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] >regdb_get_secdesc: Getting secdesc of key [HKLM] >regkey_open_onelevel: name = [SYSTEM] >regdb_open: incrementing refcount (3) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >pathtree_find: Enter [/HKLM/SYSTEM] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >regkey_open_onelevel: name = [CurrentControlSet] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Services] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [WINS] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >regdb_close: decrementing refcount (4) >regkey_open_onelevel: name = [Security] >regdb_open: incrementing refcount (4) >reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >pathtree_find: Exit >reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >regdb_close: decrementing refcount (4) >regdb_close: decrementing refcount (3) >regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >regdb_close: decrementing refcount (2) >regdb_close: decrementing refcount (1) >regdb_close: decrementing refcount (0) >update_c_setprinter: c_setprinter = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pdb_getsampwsid: Building guest account >pdb_set_username: setting username nobody, was >pdb_set_full_name: setting full name nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >sys_getgrouplist: user [nobody] >Cache entry with key = IDMAP/GID2SID/65533 couldn't be found >gid_to_sid: winbind failed to find a sid for gid 65533 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: gid 65533 -> sid S-1-22-2-65533 >Cache entry with key = IDMAP/GID2SID/65534 couldn't be found >gid_to_sid: winbind failed to find a sid for gid 65534 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: gid 65534 -> sid S-1-22-2-65534 >make_server_info_sam: made server info for user nobody -> nobody >Create local NT token for S-1-5-21-783145419-1966905550-2589541370-501 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >winbind failed to find a gid for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >winbind failed to find a gid for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-501] >get_privileges: No privileges assigned to SID [S-1-22-2-65533] >get_privileges_for_sids: sid = S-1-1-0 >Privilege set: >SE_PRIV 0x0 0x0 0x0 0x0 >get_privileges: No privileges assigned to SID [S-1-5-2] >get_privileges: No privileges assigned to SID [S-1-5-32-546] >get_privileges: No privileges assigned to SID [S-1-22-2-65534] >Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found >winbind failed to find a gid for sid S-1-1-0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-1-0 >Could not convert SID S-1-1-0 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found >winbind failed to find a gid for sid S-1-5-2 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-2 >Could not convert SID S-1-5-2 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found >winbind failed to find a gid for sid S-1-5-32-546 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-546 >Could not convert SID S-1-5-32-546 to gid, ignoring it >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 7 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-22-2-65533 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-32-546 >SID[ 5]: S-1-22-2-65534 >SID[ 6]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 2 supplementary groups >Group[ 0]: 65533 >Group[ 1]: 65534 >interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] >interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] >bind succeeded on port 445 >Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >bind succeeded on port 139 >Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >claiming [] >Locking key 29320000FFFFFFFF0000 >Allocated locked data 0x0x7fb624082420 >Unlocking key 29320000FFFFFFFF0000 >waiting for connections >Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >init_oplocks: initializing messages. >Linux kernel oplocks enabled >s3_event: Added timed event "smbd_idle_event_handler": 0x7fb6240671c0 >event_add_idle: idle_evt(keepalive) 0x7fb6240671c0 >s3_event: Added timed event "smbd_idle_event_handler": 0x7fb624032cd0 >event_add_idle: idle_evt(deadtime) 0x7fb624032cd0 >s3_event: Added timed event "smbd_idle_event_handler": 0x7fb62402a9f0 >event_add_idle: idle_evt(housekeeping) 0x7fb62402a9f0 >got smb length of 133 >got message type 0x0 of len 0x85 >Transaction 0 of length 137 (0 toread) >size=133 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51283 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=0 >smb_bcc=98 >[0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG >[0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 >[0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for >[0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. >[0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM >[0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 >[0060] 32 00 2. >switch message SMBnegprot (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Requested protocol [PC NETWORK PROGRAM 1.0] >Requested protocol [LANMAN1.0] >Requested protocol [Windows for Workgroups 3.1a] >Requested protocol [LM1.2X002] >Requested protocol [LANMAN2.1] >Requested protocol [NT LM 0.12] >set_remote_arch: Client arch is 'Win2K' >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >claiming [] >Locking key 29320000FFFFFFFF0000 >Allocated locked data 0x0x7fb624085050 >Unlocking key 29320000FFFFFFFF0000 >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >using SPNEGO >Selected protocol NT LM 0.12 >negprot index=5 >size=127 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51283 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=17 >smb_vwv[ 0]= 5 (0x5) >smb_vwv[ 1]=12803 (0x3203) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]=10496 (0x2900) >smb_vwv[ 8]= 50 (0x32) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]=33011 (0x80F3) >smb_vwv[11]=32896 (0x8080) >smb_vwv[12]=53753 (0xD1F9) >smb_vwv[13]=24361 (0x5F29) >smb_vwv[14]=51892 (0xCAB4) >smb_vwv[15]=50177 (0xC401) >smb_vwv[16]= 255 (0xFF) >smb_bcc=58 >[0000] 74 65 73 74 70 63 00 00 00 00 00 00 00 00 00 00 testpc.. ........ >[0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... >[0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... >[0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >got smb length of 206 >got message type 0x0 of len 0xce >Transaction 1 of length 210 (0 toread) >size=206 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=64 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 206 (0xCE) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 74 (0x4A) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=147 >[0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. >[0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* >[0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... >[0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0040] 00 00 05 00 93 08 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n >[0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 >[0060] 00 30 00 20 00 32 00 31 00 39 00 35 00 00 00 57 .0. .2.1 .9.5...W >[0070] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0080] 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 .0.0.0. .5...0.. >[0090] 00 00 00 ... >switch message SMBsesssetupX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >register_initial_vuid: allocated vuid = 100 >check_spnego_blob_complete: needed_len = 74, pblob->length = 74 >parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >reply_spnego_negotiate: Got secblob of size 40 >Making default auth method list for security=server >Attempting to register auth backend sam >Successfully added auth method 'sam' >Attempting to register auth backend sam_ignoredomain >Successfully added auth method 'sam_ignoredomain' >Attempting to register auth backend unix >Successfully added auth method 'unix' >Attempting to register auth backend winbind >Successfully added auth method 'winbind' >Attempting to register auth backend wbc >Successfully added auth method 'wbc' >Attempting to register auth backend smbserver >Successfully added auth method 'smbserver' >Attempting to register auth backend trustdomain >Successfully added auth method 'trustdomain' >Attempting to register auth backend ntdomain >Successfully added auth method 'ntdomain' >Attempting to register auth backend guest >Successfully added auth method 'guest' >Attempting to register auth backend netlogond >Successfully added auth method 'netlogond' >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match smbserver >load_auth_module: auth method smbserver has a valid init >Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: getting challenge from module smbserver >Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found >sitename_fetch: No stored sitename for >internal_resolve_name: looking up *#20 (sitename (null)) >Returning valid cache entry: key = NBT/*#20, value = 10.225.3.7:0,10.225.3.6:0,10.225.3.35:0,10.225.3.21:0,10.225.3.193:0,10.225.3.15:0, timeout = Tue Feb 23 09:16:57 2010 >name *#20 found. >s3_event: Added timed event "tevent_req_timedout": 0x7fb624086680 >s3_event: Added timed event "tevent_req_timedout": 0x7fb623ffe510 >Running timed event "tevent_req_timedout" 0x7fb624086680 >s3_event: Destroying timer event 0x7fb624086680 "tevent_req_timedout" >s3_event: Added timed event "tevent_req_timedout": 0x7fb62407e630 >Connecting to 10.225.3.7 at port 445 >s3_event: Added timed event "tevent_req_timedout": 0x7fb624064c30 >connect returned Connection refused >s3_event: Destroying timer event 0x7fb624064c30 "tevent_req_timedout" >s3_event: Destroying timer event 0x7fb62407e630 "tevent_req_timedout" >Running timed event "tevent_req_timedout" 0x7fb623ffe510 >s3_event: Destroying timer event 0x7fb623ffe510 "tevent_req_timedout" >s3_event: Added timed event "tevent_req_timedout": 0x7fb62406f030 >Connecting to 10.225.3.7 at port 139 >s3_event: Added timed event "tevent_req_timedout": 0x7fb62406d860 >connect returned Connection refused >s3_event: Destroying timer event 0x7fb62406d860 "tevent_req_timedout" >s3_event: Destroying timer event 0x7fb62406f030 "tevent_req_timedout" >Error connecting to 10.225.3.7 (Connection refused) >server_cryptkey: failed to connect to server *. Error NT_STATUS_CONNECTION_REFUSED >password server not available >auth_get_challenge: getting challenge from authentication method smbserver FAILED. >auth_context challenge created by random >challenge is: >[0000] 11 AF 15 F1 84 18 E3 31 .......1 >size=318 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=64 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 221 (0xDD) >smb_bcc=275 >[0000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[0010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N >[0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 >[0030] 00 00 00 15 82 8A E2 11 AF 15 F1 84 18 E3 31 00 ........ ......1. >[0040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 54 ........ ...<...T >[0050] 00 45 00 53 00 54 00 50 00 43 00 02 00 0C 00 54 .E.S.T.P .C.....T >[0060] 00 45 00 53 00 54 00 50 00 43 00 01 00 0C 00 54 .E.S.T.P .C.....T >[0070] 00 45 00 53 00 54 00 50 00 43 00 04 00 1E 00 63 .E.S.T.P .C.....c >[0080] 00 6C 00 69 00 65 00 6E 00 74 00 73 00 2E 00 61 .l.i.e.n .t.s...a >[0090] 00 68 00 75 00 73 00 2E 00 6E 00 6F 00 03 00 38 .h.u.s.. .n.o...8 >[00A0] 00 65 00 72 00 73 00 6F 00 2D 00 64 00 65 00 73 .e.r.s.o .-.d.e.s >[00B0] 00 6B 00 74 00 6F 00 70 00 2E 00 63 00 6C 00 69 .k.t.o.p ...c.l.i >[00C0] 00 65 00 6E 00 74 00 73 00 2E 00 61 00 68 00 75 .e.n.t.s ...a.h.u >[00D0] 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 55 00 6E .s...n.o .....U.n >[00E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a >[00F0] 00 20 00 33 00 2E 00 34 00 2E 00 35 00 00 00 54 . .3...4 ...5...T >[0100] 00 45 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 .E.S.T.G .R.O.U.P >[0110] 00 00 00 ... >got smb length of 346 >got message type 0x0 of len 0x15a >Transaction 2 of length 350 (0 toread) >size=346 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=128 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 346 (0x15A) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 214 (0xD6) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=287 >[0000] A1 81 D3 30 81 D0 A2 81 CD 04 81 CA 4E 54 4C 4D ...0.... ....NTLM >[0010] 53 53 50 00 03 00 00 00 18 00 18 00 8A 00 00 00 SSP..... ........ >[0020] 18 00 18 00 A2 00 00 00 14 00 14 00 48 00 00 00 ........ ....H... >[0030] 1A 00 1A 00 5C 00 00 00 14 00 14 00 76 00 00 00 ....\... ....v... >[0040] 10 00 10 00 BA 00 00 00 15 82 88 E2 05 00 93 08 ........ ........ >[0050] 00 00 00 0F 43 00 5A 00 43 00 37 00 34 00 38 00 ....C.Z. C.7.4.8. >[0060] 37 00 54 00 30 00 58 00 41 00 64 00 6D 00 69 00 7.T.0.X. A.d.m.i. >[0070] 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 n.i.s.t. r.a.t.o. >[0080] 72 00 43 00 5A 00 43 00 37 00 34 00 38 00 37 00 r.C.Z.C. 7.4.8.7. >[0090] 54 00 30 00 58 00 FE CF 23 DB BE CE DE AC 00 00 T.0.X... #....... >[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E D9 ........ ........ >[00B0] B8 02 6F C7 9E 03 97 6A 91 01 0A E3 3D CA B9 4D ..o....j ....=..M >[00C0] EE 55 88 4A AD 89 D5 11 87 26 79 F6 19 D1 10 C9 .U.J.... .&y..... >[00D0] 4B 03 6B F6 56 DF 00 57 00 69 00 6E 00 64 00 6F K.k.V..W .i.n.d.o >[00E0] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[00F0] 00 32 00 31 00 39 00 35 00 00 00 57 00 69 00 6E .2.1.9.5 ...W.i.n >[0100] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 >[0110] 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 00 .0. .5.. .0..... >switch message SMBsesssetupX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >check_spnego_blob_complete: needed_len = 214, pblob->length = 214 >Got user=[Administrator] domain=[CZC7487T0X] workstation=[CZC7487T0X] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[0000] 71 FF 74 F0 9B F7 42 DD q.t...B. >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >Mapping user [CZC7487T0X]\[Administrator] from workstation [CZC7487T0X] >Mapped domain from [CZC7487T0X] to [TESTPC] for user [Administrator] from workstation [CZC7487T0X] >attempting to make a user_info for Administrator (Administrator) >making strings for Administrator's user_info struct >making blobs for Administrator's user_info struct >made an encrypted user_info for Administrator (Administrator) >check_ntlm_password: Checking password for unmapped user [CZC7487T0X]\[Administrator]@[CZC7487T0X] with the new password interface >check_ntlm_password: mapped user is: [TESTPC]\[Administrator]@[CZC7487T0X] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[0000] 71 FF 74 F0 9B F7 42 DD q.t...B. >check_ntlm_password: guest had nothing to say >is_myname("TESTPC") returns 1 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >Finding user Administrator >Trying _Get_Pwnam(), username as lowercase is administrator >Trying _Get_Pwnam(), username as given is Administrator >Get_Pwnam_internals did find user [Administrator]! >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_update_autolock_flag: Account Administrator not autolocked, no check needed >ntlm_password_check: Checking NT MD4 password >sam_account_ok: Checking SMB password for user Administrator >logon_hours_ok: user Administrator allowed to logon at this time (Tue Feb 23 08:06:55 2010 >) >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >sys_getgrouplist: user [Administrator] >Cache entry with key = IDMAP/GID2SID/123 couldn't be found >gid_to_sid: winbind failed to find a sid for gid 123 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >LEGACY: gid 123 -> sid S-1-22-2-123 >make_server_info_sam: made server info for user Administrator -> Administrator >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: sam authentication for user [Administrator] succeeded >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: PAM Account for user [Administrator] succeeded >check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded >attempting to free (and zero) a user_info structure >structure was created for Administrator >Create local NT token for S-1-5-21-783145419-1966905550-2589541370-1001 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >winbind failed to find a gid for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >winbind failed to find a gid for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-1001] >get_privileges: No privileges assigned to SID [S-1-22-2-123] >get_privileges_for_sids: sid = S-1-1-0 >Privilege set: >SE_PRIV 0x0 0x0 0x0 0x0 >get_privileges: No privileges assigned to SID [S-1-5-2] >get_privileges: No privileges assigned to SID [S-1-5-11] >Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found >winbind failed to find a gid for sid S-1-1-0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-1-0 >Could not convert SID S-1-1-0 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found >winbind failed to find a gid for sid S-1-5-2 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-2 >Could not convert SID S-1-5-2 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-11 couldn't be found >winbind failed to find a gid for sid S-1-5-11 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-11 >Could not convert SID S-1-5-11 to gid, ignoring it >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >Got NT session key of length 16 >ntlmssp_server_auth: Created NTLM2 session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >register_existing_vuid: (123,123) Administrator Administrator TESTPC guest=0 >register_existing_vuid: User name: Administrator Real name: Administrator >register_existing_vuid: UNIX uid 123 is UNIX user Administrator, and will be vuid 100 >Locking key 49442F31323834312F31 >Allocated locked data 0x0x7fb62406fa60 >Unlocking key 49442F31323834312F31 >lp_servicenumber: couldn't find Administrator >Adding homes service for user 'Administrator' using home directory: '/home/administrator' >lp_servicenumber: couldn't find homes >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >size=106 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=128 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=63 >[0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x >[0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 >[0020] 00 2E 00 34 00 2E 00 35 00 00 00 54 00 45 00 53 ...4...5 ...T.E.S >[0030] 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 00 .T.G.R.O .U.P... >got smb length of 92 >got message type 0x0 of len 0x5c >Transaction 3 of length 96 (0 toread) >size=92 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=192 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=49 >[0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 >[0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 54 ...5...2 .3.2.\.T >[0020] 00 45 00 53 00 54 00 24 00 00 00 3F 3F 3F 3F 3F .E.S.T.$ ...????? >[0030] 00 . >switch message SMBtconX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [TEST$] >making a connection to 'normal' service test$ >user_ok_token: share test$ is ok for unix user Administrator >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Finding user Administrator >Trying _Get_Pwnam(), username as lowercase is administrator >Trying _Get_Pwnam(), username as given is Administrator >Get_Pwnam_internals did find user [Administrator]! >set_conn_connectpath: service test$, connectpath = /testshare >Connect path is '/testshare' for service [test$] >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >Initialising default vfs hooks >vfs_find_backend_entry called for /[Default VFS]/ >Successfully added vfs backend '/[Default VFS]/' >vfs_find_backend_entry called for posixacl >Successfully added vfs backend 'posixacl' >Initialising custom vfs hooks from [/[Default VFS]/] >vfs_find_backend_entry called for /[Default VFS]/ >Successfully loaded vfs module [/[Default VFS]/] with the new modules system >Checking operation #0 (type 0, layer 0) >Making operation type 0 opaque [module /[Default VFS]/] >Accepting operation type 0 from module /[Default VFS]/ >Checking operation #1 (type 1, layer 0) >Making operation type 1 opaque [module /[Default VFS]/] >Accepting operation type 1 from module /[Default VFS]/ >Checking operation #2 (type 2, layer 0) >Making operation type 2 opaque [module /[Default VFS]/] >Accepting operation type 2 from module /[Default VFS]/ >Checking operation #3 (type 3, layer 0) >Making operation type 3 opaque [module /[Default VFS]/] >Accepting operation type 3 from module /[Default VFS]/ >Checking operation #4 (type 4, layer 0) >Making operation type 4 opaque [module /[Default VFS]/] >Accepting operation type 4 from module /[Default VFS]/ >Checking operation #5 (type 5, layer 0) >Making operation type 5 opaque [module /[Default VFS]/] >Accepting operation type 5 from module /[Default VFS]/ >Checking operation #6 (type 6, layer 0) >Making operation type 6 opaque [module /[Default VFS]/] >Accepting operation type 6 from module /[Default VFS]/ >Checking operation #7 (type 7, layer 0) >Making operation type 7 opaque [module /[Default VFS]/] >Accepting operation type 7 from module /[Default VFS]/ >Checking operation #8 (type 8, layer 0) >Making operation type 8 opaque [module /[Default VFS]/] >Accepting operation type 8 from module /[Default VFS]/ >Checking operation #9 (type 9, layer 0) >Making operation type 9 opaque [module /[Default VFS]/] >Accepting operation type 9 from module /[Default VFS]/ >Checking operation #10 (type 10, layer 0) >Making operation type 10 opaque [module /[Default VFS]/] >Accepting operation type 10 from module /[Default VFS]/ >Checking operation #11 (type 11, layer 0) >Making operation type 11 opaque [module /[Default VFS]/] >Accepting operation type 11 from module /[Default VFS]/ >Checking operation #12 (type 12, layer 0) >Making operation type 12 opaque [module /[Default VFS]/] >Accepting operation type 12 from module /[Default VFS]/ >Checking operation #13 (type 13, layer 0) >Making operation type 13 opaque [module /[Default VFS]/] >Accepting operation type 13 from module /[Default VFS]/ >Checking operation #14 (type 14, layer 0) >Making operation type 14 opaque [module /[Default VFS]/] >Accepting operation type 14 from module /[Default VFS]/ >Checking operation #15 (type 15, layer 0) >Making operation type 15 opaque [module /[Default VFS]/] >Accepting operation type 15 from module /[Default VFS]/ >Checking operation #16 (type 16, layer 0) >Making operation type 16 opaque [module /[Default VFS]/] >Accepting operation type 16 from module /[Default VFS]/ >Checking operation #17 (type 17, layer 0) >Making operation type 17 opaque [module /[Default VFS]/] >Accepting operation type 17 from module /[Default VFS]/ >Checking operation #18 (type 18, layer 0) >Making operation type 18 opaque [module /[Default VFS]/] >Accepting operation type 18 from module /[Default VFS]/ >Checking operation #19 (type 19, layer 0) >Making operation type 19 opaque [module /[Default VFS]/] >Accepting operation type 19 from module /[Default VFS]/ >Checking operation #20 (type 20, layer 0) >Making operation type 20 opaque [module /[Default VFS]/] >Accepting operation type 20 from module /[Default VFS]/ >Checking operation #21 (type 21, layer 0) >Making operation type 21 opaque [module /[Default VFS]/] >Accepting operation type 21 from module /[Default VFS]/ >Checking operation #22 (type 22, layer 0) >Making operation type 22 opaque [module /[Default VFS]/] >Accepting operation type 22 from module /[Default VFS]/ >Checking operation #23 (type 23, layer 0) >Making operation type 23 opaque [module /[Default VFS]/] >Accepting operation type 23 from module /[Default VFS]/ >Checking operation #24 (type 24, layer 0) >Making operation type 24 opaque [module /[Default VFS]/] >Accepting operation type 24 from module /[Default VFS]/ >Checking operation #25 (type 25, layer 0) >Making operation type 25 opaque [module /[Default VFS]/] >Accepting operation type 25 from module /[Default VFS]/ >Checking operation #26 (type 26, layer 0) >Making operation type 26 opaque [module /[Default VFS]/] >Accepting operation type 26 from module /[Default VFS]/ >Checking operation #27 (type 27, layer 0) >Making operation type 27 opaque [module /[Default VFS]/] >Accepting operation type 27 from module /[Default VFS]/ >Checking operation #28 (type 28, layer 0) >Making operation type 28 opaque [module /[Default VFS]/] >Accepting operation type 28 from module /[Default VFS]/ >Checking operation #29 (type 29, layer 0) >Making operation type 29 opaque [module /[Default VFS]/] >Accepting operation type 29 from module /[Default VFS]/ >Checking operation #30 (type 30, layer 0) >Making operation type 30 opaque [module /[Default VFS]/] >Accepting operation type 30 from module /[Default VFS]/ >Checking operation #31 (type 31, layer 0) >Making operation type 31 opaque [module /[Default VFS]/] >Accepting operation type 31 from module /[Default VFS]/ >Checking operation #32 (type 32, layer 0) >Making operation type 32 opaque [module /[Default VFS]/] >Accepting operation type 32 from module /[Default VFS]/ >Checking operation #33 (type 33, layer 0) >Making operation type 33 opaque [module /[Default VFS]/] >Accepting operation type 33 from module /[Default VFS]/ >Checking operation #34 (type 34, layer 0) >Making operation type 34 opaque [module /[Default VFS]/] >Accepting operation type 34 from module /[Default VFS]/ >Checking operation #35 (type 35, layer 0) >Making operation type 35 opaque [module /[Default VFS]/] >Accepting operation type 35 from module /[Default VFS]/ >Checking operation #36 (type 36, layer 0) >Making operation type 36 opaque [module /[Default VFS]/] >Accepting operation type 36 from module /[Default VFS]/ >Checking operation #37 (type 37, layer 0) >Making operation type 37 opaque [module /[Default VFS]/] >Accepting operation type 37 from module /[Default VFS]/ >Checking operation #38 (type 38, layer 0) >Making operation type 38 opaque [module /[Default VFS]/] >Accepting operation type 38 from module /[Default VFS]/ >Checking operation #39 (type 39, layer 0) >Making operation type 39 opaque [module /[Default VFS]/] >Accepting operation type 39 from module /[Default VFS]/ >Checking operation #40 (type 40, layer 0) >Making operation type 40 opaque [module /[Default VFS]/] >Accepting operation type 40 from module /[Default VFS]/ >Checking operation #41 (type 41, layer 0) >Making operation type 41 opaque [module /[Default VFS]/] >Accepting operation type 41 from module /[Default VFS]/ >Checking operation #42 (type 42, layer 0) >Making operation type 42 opaque [module /[Default VFS]/] >Accepting operation type 42 from module /[Default VFS]/ >Checking operation #43 (type 43, layer 0) >Making operation type 43 opaque [module /[Default VFS]/] >Accepting operation type 43 from module /[Default VFS]/ >Checking operation #44 (type 44, layer 0) >Making operation type 44 opaque [module /[Default VFS]/] >Accepting operation type 44 from module /[Default VFS]/ >Checking operation #45 (type 45, layer 0) >Making operation type 45 opaque [module /[Default VFS]/] >Accepting operation type 45 from module /[Default VFS]/ >Checking operation #46 (type 46, layer 0) >Making operation type 46 opaque [module /[Default VFS]/] >Accepting operation type 46 from module /[Default VFS]/ >Checking operation #47 (type 47, layer 0) >Making operation type 47 opaque [module /[Default VFS]/] >Accepting operation type 47 from module /[Default VFS]/ >Checking operation #48 (type 48, layer 0) >Making operation type 48 opaque [module /[Default VFS]/] >Accepting operation type 48 from module /[Default VFS]/ >Checking operation #49 (type 49, layer 0) >Making operation type 49 opaque [module /[Default VFS]/] >Accepting operation type 49 from module /[Default VFS]/ >Checking operation #50 (type 50, layer 0) >Making operation type 50 opaque [module /[Default VFS]/] >Accepting operation type 50 from module /[Default VFS]/ >Checking operation #51 (type 51, layer 0) >Making operation type 51 opaque [module /[Default VFS]/] >Accepting operation type 51 from module /[Default VFS]/ >Checking operation #52 (type 52, layer 0) >Making operation type 52 opaque [module /[Default VFS]/] >Accepting operation type 52 from module /[Default VFS]/ >Checking operation #53 (type 53, layer 0) >Making operation type 53 opaque [module /[Default VFS]/] >Accepting operation type 53 from module /[Default VFS]/ >Checking operation #54 (type 54, layer 0) >Making operation type 54 opaque [module /[Default VFS]/] >Accepting operation type 54 from module /[Default VFS]/ >Checking operation #55 (type 55, layer 0) >Making operation type 55 opaque [module /[Default VFS]/] >Accepting operation type 55 from module /[Default VFS]/ >Checking operation #56 (type 56, layer 0) >Making operation type 56 opaque [module /[Default VFS]/] >Accepting operation type 56 from module /[Default VFS]/ >Checking operation #57 (type 57, layer 0) >Making operation type 57 opaque [module /[Default VFS]/] >Accepting operation type 57 from module /[Default VFS]/ >Checking operation #58 (type 58, layer 0) >Making operation type 58 opaque [module /[Default VFS]/] >Accepting operation type 58 from module /[Default VFS]/ >Checking operation #59 (type 59, layer 0) >Making operation type 59 opaque [module /[Default VFS]/] >Accepting operation type 59 from module /[Default VFS]/ >Checking operation #60 (type 60, layer 0) >Making operation type 60 opaque [module /[Default VFS]/] >Accepting operation type 60 from module /[Default VFS]/ >Checking operation #61 (type 61, layer 0) >Making operation type 61 opaque [module /[Default VFS]/] >Accepting operation type 61 from module /[Default VFS]/ >Checking operation #62 (type 62, layer 0) >Making operation type 62 opaque [module /[Default VFS]/] >Accepting operation type 62 from module /[Default VFS]/ >Checking operation #63 (type 63, layer 0) >Making operation type 63 opaque [module /[Default VFS]/] >Accepting operation type 63 from module /[Default VFS]/ >Checking operation #64 (type 64, layer 0) >Making operation type 64 opaque [module /[Default VFS]/] >Accepting operation type 64 from module /[Default VFS]/ >Checking operation #65 (type 65, layer 0) >Making operation type 65 opaque [module /[Default VFS]/] >Accepting operation type 65 from module /[Default VFS]/ >Checking operation #66 (type 66, layer 0) >Making operation type 66 opaque [module /[Default VFS]/] >Accepting operation type 66 from module /[Default VFS]/ >Checking operation #67 (type 67, layer 0) >Making operation type 67 opaque [module /[Default VFS]/] >Accepting operation type 67 from module /[Default VFS]/ >Checking operation #68 (type 68, layer 0) >Making operation type 68 opaque [module /[Default VFS]/] >Accepting operation type 68 from module /[Default VFS]/ >Checking operation #69 (type 69, layer 0) >Making operation type 69 opaque [module /[Default VFS]/] >Accepting operation type 69 from module /[Default VFS]/ >Checking operation #70 (type 70, layer 0) >Making operation type 70 opaque [module /[Default VFS]/] >Accepting operation type 70 from module /[Default VFS]/ >Checking operation #71 (type 71, layer 0) >Making operation type 71 opaque [module /[Default VFS]/] >Accepting operation type 71 from module /[Default VFS]/ >Checking operation #72 (type 72, layer 0) >Making operation type 72 opaque [module /[Default VFS]/] >Accepting operation type 72 from module /[Default VFS]/ >Checking operation #73 (type 73, layer 0) >Making operation type 73 opaque [module /[Default VFS]/] >Accepting operation type 73 from module /[Default VFS]/ >Checking operation #74 (type 74, layer 0) >Making operation type 74 opaque [module /[Default VFS]/] >Accepting operation type 74 from module /[Default VFS]/ >Checking operation #75 (type 75, layer 0) >Making operation type 75 opaque [module /[Default VFS]/] >Accepting operation type 75 from module /[Default VFS]/ >Checking operation #76 (type 76, layer 0) >Making operation type 76 opaque [module /[Default VFS]/] >Accepting operation type 76 from module /[Default VFS]/ >Checking operation #77 (type 77, layer 0) >Making operation type 77 opaque [module /[Default VFS]/] >Accepting operation type 77 from module /[Default VFS]/ >Checking operation #78 (type 78, layer 0) >Making operation type 78 opaque [module /[Default VFS]/] >Accepting operation type 78 from module /[Default VFS]/ >Checking operation #79 (type 79, layer 0) >Making operation type 79 opaque [module /[Default VFS]/] >Accepting operation type 79 from module /[Default VFS]/ >Checking operation #80 (type 80, layer 0) >Making operation type 80 opaque [module /[Default VFS]/] >Accepting operation type 80 from module /[Default VFS]/ >Checking operation #81 (type 81, layer 0) >Making operation type 81 opaque [module /[Default VFS]/] >Accepting operation type 81 from module /[Default VFS]/ >Checking operation #82 (type 82, layer 0) >Making operation type 82 opaque [module /[Default VFS]/] >Accepting operation type 82 from module /[Default VFS]/ >Checking operation #83 (type 83, layer 0) >Making operation type 83 opaque [module /[Default VFS]/] >Accepting operation type 83 from module /[Default VFS]/ >Checking operation #84 (type 84, layer 0) >Making operation type 84 opaque [module /[Default VFS]/] >Accepting operation type 84 from module /[Default VFS]/ >Checking operation #85 (type 85, layer 0) >Making operation type 85 opaque [module /[Default VFS]/] >Accepting operation type 85 from module /[Default VFS]/ >Checking operation #86 (type 86, layer 0) >Making operation type 86 opaque [module /[Default VFS]/] >Accepting operation type 86 from module /[Default VFS]/ >Checking operation #87 (type 87, layer 0) >Making operation type 87 opaque [module /[Default VFS]/] >Accepting operation type 87 from module /[Default VFS]/ >Checking operation #88 (type 88, layer 0) >Making operation type 88 opaque [module /[Default VFS]/] >Accepting operation type 88 from module /[Default VFS]/ >Checking operation #89 (type 89, layer 0) >Making operation type 89 opaque [module /[Default VFS]/] >Accepting operation type 89 from module /[Default VFS]/ >Checking operation #90 (type 90, layer 0) >Making operation type 90 opaque [module /[Default VFS]/] >Accepting operation type 90 from module /[Default VFS]/ >Checking operation #91 (type 91, layer 0) >Making operation type 91 opaque [module /[Default VFS]/] >Accepting operation type 91 from module /[Default VFS]/ >Checking operation #92 (type 92, layer 0) >Making operation type 92 opaque [module /[Default VFS]/] >Accepting operation type 92 from module /[Default VFS]/ >Checking operation #93 (type 93, layer 0) >Making operation type 93 opaque [module /[Default VFS]/] >Accepting operation type 93 from module /[Default VFS]/ >Checking operation #94 (type 94, layer 0) >Making operation type 94 opaque [module /[Default VFS]/] >Accepting operation type 94 from module /[Default VFS]/ >Checking operation #95 (type 95, layer 0) >Making operation type 95 opaque [module /[Default VFS]/] >Accepting operation type 95 from module /[Default VFS]/ >Checking operation #96 (type 96, layer 0) >Making operation type 96 opaque [module /[Default VFS]/] >Accepting operation type 96 from module /[Default VFS]/ >Checking operation #97 (type 97, layer 0) >Making operation type 97 opaque [module /[Default VFS]/] >Accepting operation type 97 from module /[Default VFS]/ >Checking operation #98 (type 98, layer 0) >Making operation type 98 opaque [module /[Default VFS]/] >Accepting operation type 98 from module /[Default VFS]/ >Checking operation #99 (type 99, layer 0) >Making operation type 99 opaque [module /[Default VFS]/] >Accepting operation type 99 from module /[Default VFS]/ >Checking operation #100 (type 100, layer 0) >Making operation type 100 opaque [module /[Default VFS]/] >Accepting operation type 100 from module /[Default VFS]/ >Checking operation #101 (type 101, layer 0) >Making operation type 101 opaque [module /[Default VFS]/] >Accepting operation type 101 from module /[Default VFS]/ >Checking operation #102 (type 102, layer 0) >Making operation type 102 opaque [module /[Default VFS]/] >Accepting operation type 102 from module /[Default VFS]/ >Checking operation #103 (type 103, layer 0) >Making operation type 103 opaque [module /[Default VFS]/] >Accepting operation type 103 from module /[Default VFS]/ >Checking operation #104 (type 104, layer 0) >Making operation type 104 opaque [module /[Default VFS]/] >Accepting operation type 104 from module /[Default VFS]/ >Checking operation #105 (type 105, layer 0) >Making operation type 105 opaque [module /[Default VFS]/] >Accepting operation type 105 from module /[Default VFS]/ >Checking operation #106 (type 106, layer 0) >Making operation type 106 opaque [module /[Default VFS]/] >Accepting operation type 106 from module /[Default VFS]/ >Checking operation #107 (type 107, layer 0) >Making operation type 107 opaque [module /[Default VFS]/] >Accepting operation type 107 from module /[Default VFS]/ >Checking operation #108 (type 108, layer 0) >Making operation type 108 opaque [module /[Default VFS]/] >Accepting operation type 108 from module /[Default VFS]/ >Checking operation #109 (type 109, layer 0) >Making operation type 109 opaque [module /[Default VFS]/] >Accepting operation type 109 from module /[Default VFS]/ >Checking operation #110 (type 110, layer 0) >Making operation type 110 opaque [module /[Default VFS]/] >Accepting operation type 110 from module /[Default VFS]/ >claiming [test$] >Locking key 29320000010000007465 >Allocated locked data 0x0x7fb624085f10 >Unlocking key 29320000010000007465 >user_ok_token: share test$ is ok for unix user Administrator >is_share_read_only_for_user: share test$ is read-write for unix user Administrator >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >czc7487t0x (10.225.5.207) connect to service test$ initially as user Administrator (uid=123, gid=123) (pid 12841) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=TEST$ >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 4 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=256 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=256 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 20 (0x14) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 20 (0x14) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=21 >[0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T >[0010] 00 46 00 53 00 .F.S. >SMBtrans2 info_level = 261 >got smb length of 76 >got message type 0x0 of len 0x4c >Transaction 5 of length 80 (0 toread) >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=320 >smt_wct=15 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 8 (0x8) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=11 >[0000] 00 00 00 EC 03 00 00 00 00 00 00 ........ ... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "" >conversion finished "" -> . >fetch_share_mode_unlocked: no share_mode record around (file not open) >call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: . >dos_mode_from_sbuf returning d >dos_mode returning d >call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION >SMB_QFBI - create: Tue Feb 23 08:59:59 2010 > access: Tue Feb 23 09:06:29 2010 > write: Tue Feb 23 08:59:59 2010 > change: Tue Feb 23 08:59:59 2010 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=320 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=45 >[0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 B0 52 ......i. 1^.....R >[0010] 1A 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD ._....i. 1^....i. >[0020] 31 5E B4 CA 01 10 00 00 00 00 00 00 00 1^...... ..... >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 6 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=384 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=384 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 20 (0x14) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 20 (0x14) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=21 >[0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T >[0010] 00 46 00 53 00 .F.S. >SMBtrans2 info_level = 261 >got smb length of 206 >got message type 0x0 of len 0xce >Transaction 7 of length 210 (0 toread) >size=206 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=448 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 206 (0xCE) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 1 (0x1) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 74 (0x4A) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=147 >[0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. >[0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* >[0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... >[0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0040] 00 00 05 00 93 08 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n >[0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 >[0060] 00 30 00 20 00 32 00 31 00 39 00 35 00 00 00 57 .0. .2.1 .9.5...W >[0070] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0080] 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 .0.0.0. .5...0.. >[0090] 00 00 00 ... >switch message SMBsesssetupX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >register_initial_vuid: allocated vuid = 101 >check_spnego_blob_complete: needed_len = 74, pblob->length = 74 >parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >reply_spnego_negotiate: Got secblob of size 40 >Making default auth method list for security=server >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match smbserver >load_auth_module: auth method smbserver has a valid init >Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: getting challenge from module smbserver >Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found >sitename_fetch: No stored sitename for >internal_resolve_name: looking up *#20 (sitename (null)) >Returning valid cache entry: key = NBT/*#20, value = 10.225.3.7:0,10.225.3.6:0,10.225.3.35:0,10.225.3.21:0,10.225.3.193:0,10.225.3.15:0, timeout = Tue Feb 23 09:16:57 2010 >name *#20 found. >s3_event: Added timed event "tevent_req_timedout": 0x7fb624086680 >s3_event: Added timed event "tevent_req_timedout": 0x7fb6240095f0 >Running timed event "tevent_req_timedout" 0x7fb624086680 >s3_event: Destroying timer event 0x7fb624086680 "tevent_req_timedout" >s3_event: Added timed event "tevent_req_timedout": 0x7fb62407e6a0 >Connecting to 10.225.3.7 at port 445 >s3_event: Added timed event "tevent_req_timedout": 0x7fb6240807a0 >connect returned Connection refused >s3_event: Destroying timer event 0x7fb6240807a0 "tevent_req_timedout" >s3_event: Destroying timer event 0x7fb62407e6a0 "tevent_req_timedout" >Running timed event "tevent_req_timedout" 0x7fb6240095f0 >s3_event: Destroying timer event 0x7fb6240095f0 "tevent_req_timedout" >s3_event: Added timed event "tevent_req_timedout": 0x7fb624077f00 >Connecting to 10.225.3.7 at port 139 >s3_event: Added timed event "tevent_req_timedout": 0x7fb624081100 >connect returned Connection refused >s3_event: Destroying timer event 0x7fb624081100 "tevent_req_timedout" >s3_event: Destroying timer event 0x7fb624077f00 "tevent_req_timedout" >Error connecting to 10.225.3.7 (Connection refused) >server_cryptkey: failed to connect to server *. Error NT_STATUS_CONNECTION_REFUSED >password server not available >auth_get_challenge: getting challenge from authentication method smbserver FAILED. >auth_context challenge created by random >challenge is: >[0000] 8E B2 B4 F5 84 B1 12 39 .......9 >size=318 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=448 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 221 (0xDD) >smb_bcc=275 >[0000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[0010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N >[0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 >[0030] 00 00 00 15 82 8A E2 8E B2 B4 F5 84 B1 12 39 00 ........ ......9. >[0040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 54 ........ ...<...T >[0050] 00 45 00 53 00 54 00 50 00 43 00 02 00 0C 00 54 .E.S.T.P .C.....T >[0060] 00 45 00 53 00 54 00 50 00 43 00 01 00 0C 00 54 .E.S.T.P .C.....T >[0070] 00 45 00 53 00 54 00 50 00 43 00 04 00 1E 00 63 .E.S.T.P .C.....c >[0080] 00 6C 00 69 00 65 00 6E 00 74 00 73 00 2E 00 61 .l.i.e.n .t.s...a >[0090] 00 68 00 75 00 73 00 2E 00 6E 00 6F 00 03 00 38 .h.u.s.. .n.o...8 >[00A0] 00 65 00 72 00 73 00 6F 00 2D 00 64 00 65 00 73 .e.r.s.o .-.d.e.s >[00B0] 00 6B 00 74 00 6F 00 70 00 2E 00 63 00 6C 00 69 .k.t.o.p ...c.l.i >[00C0] 00 65 00 6E 00 74 00 73 00 2E 00 61 00 68 00 75 .e.n.t.s ...a.h.u >[00D0] 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 55 00 6E .s...n.o .....U.n >[00E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a >[00F0] 00 20 00 33 00 2E 00 34 00 2E 00 35 00 00 00 54 . .3...4 ...5...T >[0100] 00 45 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 .E.S.T.G .R.O.U.P >[0110] 00 00 00 ... >got smb length of 248 >got message type 0x0 of len 0xf8 >Transaction 8 of length 252 (0 toread) >size=248 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=512 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 248 (0xF8) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 1 (0x1) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 117 (0x75) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=189 >[0000] A1 73 30 71 A2 6F 04 6D 4E 54 4C 4D 53 53 50 00 .s0q.o.m NTLMSSP. >[0010] 03 00 00 00 01 00 01 00 5C 00 00 00 00 00 00 00 ........ \....... >[0020] 5D 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 ]....... H....... >[0030] 48 00 00 00 14 00 14 00 48 00 00 00 10 00 10 00 H....... H....... >[0040] 5D 00 00 00 15 8A 88 E2 05 00 93 08 00 00 00 0F ]....... ........ >[0050] 43 00 5A 00 43 00 37 00 34 00 38 00 37 00 54 00 C.Z.C.7. 4.8.7.T. >[0060] 30 00 58 00 00 41 1F 26 B7 0D 72 9A 0C A8 3C 32 0.X..A.& ..r...<2 >[0070] 1C 05 3E 9F DE 57 00 69 00 6E 00 64 00 6F 00 77 ..>..W.i .n.d.o.w >[0080] 00 73 00 20 00 32 00 30 00 30 00 30 00 20 00 32 .s. .2.0 .0.0. .2 >[0090] 00 31 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 .1.9.5.. .W.i.n.d >[00A0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 >[00B0] 00 20 00 35 00 2E 00 30 00 00 00 00 00 . .5...0 ..... >switch message SMBsesssetupX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >check_spnego_blob_complete: needed_len = 117, pblob->length = 117 >Got user=[] domain=[] workstation=[CZC7487T0X] len1=1 len2=0 >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >Mapping user []\[] from workstation [CZC7487T0X] >Mapped domain from [] to [TESTPC] for user [] from workstation [CZC7487T0X] >attempting to make a user_info for () >making strings for 's user_info struct >making blobs for 's user_info struct >made an encrypted user_info for () >check_ntlm_password: Checking password for unmapped user []\[]@[CZC7487T0X] with the new password interface >check_ntlm_password: mapped user is: [TESTPC]\[]@[CZC7487T0X] >check_ntlm_password: auth_context challenge created by random >challenge is: >[0000] 8E B2 B4 F5 84 B1 12 39 .......9 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name nobody, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\nobody, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >check_ntlm_password: guest authentication for user [] succeeded >check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >attempting to free (and zero) a user_info structure >structure was created for >Create local NT token for S-1-5-21-783145419-1966905550-2589541370-501 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >winbind failed to find a gid for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >winbind failed to find a gid for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-501] >get_privileges_for_sids: sid = S-1-1-0 >Privilege set: >SE_PRIV 0x0 0x0 0x0 0x0 >get_privileges: No privileges assigned to SID [S-1-5-2] >get_privileges: No privileges assigned to SID [S-1-5-32-546] >Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found >winbind failed to find a gid for sid S-1-1-0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-1-0 >Could not convert SID S-1-1-0 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found >winbind failed to find a gid for sid S-1-5-2 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-2 >Could not convert SID S-1-5-2 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found >winbind failed to find a gid for sid S-1-5-32-546 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-546 >Could not convert SID S-1-5-32-546 to gid, ignoring it >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >Got NT session key of length 16 >Got LM session key of length 16 >ntlmssp_server_auth: Using unmodified nt session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >register_existing_vuid: (65534,65533) nobody TESTPC guest=1 >register_existing_vuid: User name: nobody Real name: nobody >register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 101 >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >size=106 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=512 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=63 >[0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x >[0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 >[0020] 00 2E 00 34 00 2E 00 35 00 00 00 54 00 45 00 53 ...4...5 ...T.E.S >[0030] 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 00 .T.G.R.O .U.P... >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 9 of length 94 (0 toread) >size=90 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=576 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 90 (0x5A) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=47 >[0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 >[0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 49 ...5...2 .3.2.\.I >[0020] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. >switch message SMBtconX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [IPC$] >making a connection to 'normal' service ipc$ >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name nobody, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\nobody, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >Finding user nobody >Trying _Get_Pwnam(), username as lowercase is nobody >Get_Pwnam_internals did find user [nobody]! >set_conn_connectpath: service IPC$, connectpath = /tmp >Connect path is '/tmp' for service [IPC$] >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >Initialising default vfs hooks >Initialising custom vfs hooks from [/[Default VFS]/] >vfs_find_backend_entry called for /[Default VFS]/ >Successfully loaded vfs module [/[Default VFS]/] with the new modules system >Checking operation #0 (type 0, layer 0) >Making operation type 0 opaque [module /[Default VFS]/] >Accepting operation type 0 from module /[Default VFS]/ >Checking operation #1 (type 1, layer 0) >Making operation type 1 opaque [module /[Default VFS]/] >Accepting operation type 1 from module /[Default VFS]/ >Checking operation #2 (type 2, layer 0) >Making operation type 2 opaque [module /[Default VFS]/] >Accepting operation type 2 from module /[Default VFS]/ >Checking operation #3 (type 3, layer 0) >Making operation type 3 opaque [module /[Default VFS]/] >Accepting operation type 3 from module /[Default VFS]/ >Checking operation #4 (type 4, layer 0) >Making operation type 4 opaque [module /[Default VFS]/] >Accepting operation type 4 from module /[Default VFS]/ >Checking operation #5 (type 5, layer 0) >Making operation type 5 opaque [module /[Default VFS]/] >Accepting operation type 5 from module /[Default VFS]/ >Checking operation #6 (type 6, layer 0) >Making operation type 6 opaque [module /[Default VFS]/] >Accepting operation type 6 from module /[Default VFS]/ >Checking operation #7 (type 7, layer 0) >Making operation type 7 opaque [module /[Default VFS]/] >Accepting operation type 7 from module /[Default VFS]/ >Checking operation #8 (type 8, layer 0) >Making operation type 8 opaque [module /[Default VFS]/] >Accepting operation type 8 from module /[Default VFS]/ >Checking operation #9 (type 9, layer 0) >Making operation type 9 opaque [module /[Default VFS]/] >Accepting operation type 9 from module /[Default VFS]/ >Checking operation #10 (type 10, layer 0) >Making operation type 10 opaque [module /[Default VFS]/] >Accepting operation type 10 from module /[Default VFS]/ >Checking operation #11 (type 11, layer 0) >Making operation type 11 opaque [module /[Default VFS]/] >Accepting operation type 11 from module /[Default VFS]/ >Checking operation #12 (type 12, layer 0) >Making operation type 12 opaque [module /[Default VFS]/] >Accepting operation type 12 from module /[Default VFS]/ >Checking operation #13 (type 13, layer 0) >Making operation type 13 opaque [module /[Default VFS]/] >Accepting operation type 13 from module /[Default VFS]/ >Checking operation #14 (type 14, layer 0) >Making operation type 14 opaque [module /[Default VFS]/] >Accepting operation type 14 from module /[Default VFS]/ >Checking operation #15 (type 15, layer 0) >Making operation type 15 opaque [module /[Default VFS]/] >Accepting operation type 15 from module /[Default VFS]/ >Checking operation #16 (type 16, layer 0) >Making operation type 16 opaque [module /[Default VFS]/] >Accepting operation type 16 from module /[Default VFS]/ >Checking operation #17 (type 17, layer 0) >Making operation type 17 opaque [module /[Default VFS]/] >Accepting operation type 17 from module /[Default VFS]/ >Checking operation #18 (type 18, layer 0) >Making operation type 18 opaque [module /[Default VFS]/] >Accepting operation type 18 from module /[Default VFS]/ >Checking operation #19 (type 19, layer 0) >Making operation type 19 opaque [module /[Default VFS]/] >Accepting operation type 19 from module /[Default VFS]/ >Checking operation #20 (type 20, layer 0) >Making operation type 20 opaque [module /[Default VFS]/] >Accepting operation type 20 from module /[Default VFS]/ >Checking operation #21 (type 21, layer 0) >Making operation type 21 opaque [module /[Default VFS]/] >Accepting operation type 21 from module /[Default VFS]/ >Checking operation #22 (type 22, layer 0) >Making operation type 22 opaque [module /[Default VFS]/] >Accepting operation type 22 from module /[Default VFS]/ >Checking operation #23 (type 23, layer 0) >Making operation type 23 opaque [module /[Default VFS]/] >Accepting operation type 23 from module /[Default VFS]/ >Checking operation #24 (type 24, layer 0) >Making operation type 24 opaque [module /[Default VFS]/] >Accepting operation type 24 from module /[Default VFS]/ >Checking operation #25 (type 25, layer 0) >Making operation type 25 opaque [module /[Default VFS]/] >Accepting operation type 25 from module /[Default VFS]/ >Checking operation #26 (type 26, layer 0) >Making operation type 26 opaque [module /[Default VFS]/] >Accepting operation type 26 from module /[Default VFS]/ >Checking operation #27 (type 27, layer 0) >Making operation type 27 opaque [module /[Default VFS]/] >Accepting operation type 27 from module /[Default VFS]/ >Checking operation #28 (type 28, layer 0) >Making operation type 28 opaque [module /[Default VFS]/] >Accepting operation type 28 from module /[Default VFS]/ >Checking operation #29 (type 29, layer 0) >Making operation type 29 opaque [module /[Default VFS]/] >Accepting operation type 29 from module /[Default VFS]/ >Checking operation #30 (type 30, layer 0) >Making operation type 30 opaque [module /[Default VFS]/] >Accepting operation type 30 from module /[Default VFS]/ >Checking operation #31 (type 31, layer 0) >Making operation type 31 opaque [module /[Default VFS]/] >Accepting operation type 31 from module /[Default VFS]/ >Checking operation #32 (type 32, layer 0) >Making operation type 32 opaque [module /[Default VFS]/] >Accepting operation type 32 from module /[Default VFS]/ >Checking operation #33 (type 33, layer 0) >Making operation type 33 opaque [module /[Default VFS]/] >Accepting operation type 33 from module /[Default VFS]/ >Checking operation #34 (type 34, layer 0) >Making operation type 34 opaque [module /[Default VFS]/] >Accepting operation type 34 from module /[Default VFS]/ >Checking operation #35 (type 35, layer 0) >Making operation type 35 opaque [module /[Default VFS]/] >Accepting operation type 35 from module /[Default VFS]/ >Checking operation #36 (type 36, layer 0) >Making operation type 36 opaque [module /[Default VFS]/] >Accepting operation type 36 from module /[Default VFS]/ >Checking operation #37 (type 37, layer 0) >Making operation type 37 opaque [module /[Default VFS]/] >Accepting operation type 37 from module /[Default VFS]/ >Checking operation #38 (type 38, layer 0) >Making operation type 38 opaque [module /[Default VFS]/] >Accepting operation type 38 from module /[Default VFS]/ >Checking operation #39 (type 39, layer 0) >Making operation type 39 opaque [module /[Default VFS]/] >Accepting operation type 39 from module /[Default VFS]/ >Checking operation #40 (type 40, layer 0) >Making operation type 40 opaque [module /[Default VFS]/] >Accepting operation type 40 from module /[Default VFS]/ >Checking operation #41 (type 41, layer 0) >Making operation type 41 opaque [module /[Default VFS]/] >Accepting operation type 41 from module /[Default VFS]/ >Checking operation #42 (type 42, layer 0) >Making operation type 42 opaque [module /[Default VFS]/] >Accepting operation type 42 from module /[Default VFS]/ >Checking operation #43 (type 43, layer 0) >Making operation type 43 opaque [module /[Default VFS]/] >Accepting operation type 43 from module /[Default VFS]/ >Checking operation #44 (type 44, layer 0) >Making operation type 44 opaque [module /[Default VFS]/] >Accepting operation type 44 from module /[Default VFS]/ >Checking operation #45 (type 45, layer 0) >Making operation type 45 opaque [module /[Default VFS]/] >Accepting operation type 45 from module /[Default VFS]/ >Checking operation #46 (type 46, layer 0) >Making operation type 46 opaque [module /[Default VFS]/] >Accepting operation type 46 from module /[Default VFS]/ >Checking operation #47 (type 47, layer 0) >Making operation type 47 opaque [module /[Default VFS]/] >Accepting operation type 47 from module /[Default VFS]/ >Checking operation #48 (type 48, layer 0) >Making operation type 48 opaque [module /[Default VFS]/] >Accepting operation type 48 from module /[Default VFS]/ >Checking operation #49 (type 49, layer 0) >Making operation type 49 opaque [module /[Default VFS]/] >Accepting operation type 49 from module /[Default VFS]/ >Checking operation #50 (type 50, layer 0) >Making operation type 50 opaque [module /[Default VFS]/] >Accepting operation type 50 from module /[Default VFS]/ >Checking operation #51 (type 51, layer 0) >Making operation type 51 opaque [module /[Default VFS]/] >Accepting operation type 51 from module /[Default VFS]/ >Checking operation #52 (type 52, layer 0) >Making operation type 52 opaque [module /[Default VFS]/] >Accepting operation type 52 from module /[Default VFS]/ >Checking operation #53 (type 53, layer 0) >Making operation type 53 opaque [module /[Default VFS]/] >Accepting operation type 53 from module /[Default VFS]/ >Checking operation #54 (type 54, layer 0) >Making operation type 54 opaque [module /[Default VFS]/] >Accepting operation type 54 from module /[Default VFS]/ >Checking operation #55 (type 55, layer 0) >Making operation type 55 opaque [module /[Default VFS]/] >Accepting operation type 55 from module /[Default VFS]/ >Checking operation #56 (type 56, layer 0) >Making operation type 56 opaque [module /[Default VFS]/] >Accepting operation type 56 from module /[Default VFS]/ >Checking operation #57 (type 57, layer 0) >Making operation type 57 opaque [module /[Default VFS]/] >Accepting operation type 57 from module /[Default VFS]/ >Checking operation #58 (type 58, layer 0) >Making operation type 58 opaque [module /[Default VFS]/] >Accepting operation type 58 from module /[Default VFS]/ >Checking operation #59 (type 59, layer 0) >Making operation type 59 opaque [module /[Default VFS]/] >Accepting operation type 59 from module /[Default VFS]/ >Checking operation #60 (type 60, layer 0) >Making operation type 60 opaque [module /[Default VFS]/] >Accepting operation type 60 from module /[Default VFS]/ >Checking operation #61 (type 61, layer 0) >Making operation type 61 opaque [module /[Default VFS]/] >Accepting operation type 61 from module /[Default VFS]/ >Checking operation #62 (type 62, layer 0) >Making operation type 62 opaque [module /[Default VFS]/] >Accepting operation type 62 from module /[Default VFS]/ >Checking operation #63 (type 63, layer 0) >Making operation type 63 opaque [module /[Default VFS]/] >Accepting operation type 63 from module /[Default VFS]/ >Checking operation #64 (type 64, layer 0) >Making operation type 64 opaque [module /[Default VFS]/] >Accepting operation type 64 from module /[Default VFS]/ >Checking operation #65 (type 65, layer 0) >Making operation type 65 opaque [module /[Default VFS]/] >Accepting operation type 65 from module /[Default VFS]/ >Checking operation #66 (type 66, layer 0) >Making operation type 66 opaque [module /[Default VFS]/] >Accepting operation type 66 from module /[Default VFS]/ >Checking operation #67 (type 67, layer 0) >Making operation type 67 opaque [module /[Default VFS]/] >Accepting operation type 67 from module /[Default VFS]/ >Checking operation #68 (type 68, layer 0) >Making operation type 68 opaque [module /[Default VFS]/] >Accepting operation type 68 from module /[Default VFS]/ >Checking operation #69 (type 69, layer 0) >Making operation type 69 opaque [module /[Default VFS]/] >Accepting operation type 69 from module /[Default VFS]/ >Checking operation #70 (type 70, layer 0) >Making operation type 70 opaque [module /[Default VFS]/] >Accepting operation type 70 from module /[Default VFS]/ >Checking operation #71 (type 71, layer 0) >Making operation type 71 opaque [module /[Default VFS]/] >Accepting operation type 71 from module /[Default VFS]/ >Checking operation #72 (type 72, layer 0) >Making operation type 72 opaque [module /[Default VFS]/] >Accepting operation type 72 from module /[Default VFS]/ >Checking operation #73 (type 73, layer 0) >Making operation type 73 opaque [module /[Default VFS]/] >Accepting operation type 73 from module /[Default VFS]/ >Checking operation #74 (type 74, layer 0) >Making operation type 74 opaque [module /[Default VFS]/] >Accepting operation type 74 from module /[Default VFS]/ >Checking operation #75 (type 75, layer 0) >Making operation type 75 opaque [module /[Default VFS]/] >Accepting operation type 75 from module /[Default VFS]/ >Checking operation #76 (type 76, layer 0) >Making operation type 76 opaque [module /[Default VFS]/] >Accepting operation type 76 from module /[Default VFS]/ >Checking operation #77 (type 77, layer 0) >Making operation type 77 opaque [module /[Default VFS]/] >Accepting operation type 77 from module /[Default VFS]/ >Checking operation #78 (type 78, layer 0) >Making operation type 78 opaque [module /[Default VFS]/] >Accepting operation type 78 from module /[Default VFS]/ >Checking operation #79 (type 79, layer 0) >Making operation type 79 opaque [module /[Default VFS]/] >Accepting operation type 79 from module /[Default VFS]/ >Checking operation #80 (type 80, layer 0) >Making operation type 80 opaque [module /[Default VFS]/] >Accepting operation type 80 from module /[Default VFS]/ >Checking operation #81 (type 81, layer 0) >Making operation type 81 opaque [module /[Default VFS]/] >Accepting operation type 81 from module /[Default VFS]/ >Checking operation #82 (type 82, layer 0) >Making operation type 82 opaque [module /[Default VFS]/] >Accepting operation type 82 from module /[Default VFS]/ >Checking operation #83 (type 83, layer 0) >Making operation type 83 opaque [module /[Default VFS]/] >Accepting operation type 83 from module /[Default VFS]/ >Checking operation #84 (type 84, layer 0) >Making operation type 84 opaque [module /[Default VFS]/] >Accepting operation type 84 from module /[Default VFS]/ >Checking operation #85 (type 85, layer 0) >Making operation type 85 opaque [module /[Default VFS]/] >Accepting operation type 85 from module /[Default VFS]/ >Checking operation #86 (type 86, layer 0) >Making operation type 86 opaque [module /[Default VFS]/] >Accepting operation type 86 from module /[Default VFS]/ >Checking operation #87 (type 87, layer 0) >Making operation type 87 opaque [module /[Default VFS]/] >Accepting operation type 87 from module /[Default VFS]/ >Checking operation #88 (type 88, layer 0) >Making operation type 88 opaque [module /[Default VFS]/] >Accepting operation type 88 from module /[Default VFS]/ >Checking operation #89 (type 89, layer 0) >Making operation type 89 opaque [module /[Default VFS]/] >Accepting operation type 89 from module /[Default VFS]/ >Checking operation #90 (type 90, layer 0) >Making operation type 90 opaque [module /[Default VFS]/] >Accepting operation type 90 from module /[Default VFS]/ >Checking operation #91 (type 91, layer 0) >Making operation type 91 opaque [module /[Default VFS]/] >Accepting operation type 91 from module /[Default VFS]/ >Checking operation #92 (type 92, layer 0) >Making operation type 92 opaque [module /[Default VFS]/] >Accepting operation type 92 from module /[Default VFS]/ >Checking operation #93 (type 93, layer 0) >Making operation type 93 opaque [module /[Default VFS]/] >Accepting operation type 93 from module /[Default VFS]/ >Checking operation #94 (type 94, layer 0) >Making operation type 94 opaque [module /[Default VFS]/] >Accepting operation type 94 from module /[Default VFS]/ >Checking operation #95 (type 95, layer 0) >Making operation type 95 opaque [module /[Default VFS]/] >Accepting operation type 95 from module /[Default VFS]/ >Checking operation #96 (type 96, layer 0) >Making operation type 96 opaque [module /[Default VFS]/] >Accepting operation type 96 from module /[Default VFS]/ >Checking operation #97 (type 97, layer 0) >Making operation type 97 opaque [module /[Default VFS]/] >Accepting operation type 97 from module /[Default VFS]/ >Checking operation #98 (type 98, layer 0) >Making operation type 98 opaque [module /[Default VFS]/] >Accepting operation type 98 from module /[Default VFS]/ >Checking operation #99 (type 99, layer 0) >Making operation type 99 opaque [module /[Default VFS]/] >Accepting operation type 99 from module /[Default VFS]/ >Checking operation #100 (type 100, layer 0) >Making operation type 100 opaque [module /[Default VFS]/] >Accepting operation type 100 from module /[Default VFS]/ >Checking operation #101 (type 101, layer 0) >Making operation type 101 opaque [module /[Default VFS]/] >Accepting operation type 101 from module /[Default VFS]/ >Checking operation #102 (type 102, layer 0) >Making operation type 102 opaque [module /[Default VFS]/] >Accepting operation type 102 from module /[Default VFS]/ >Checking operation #103 (type 103, layer 0) >Making operation type 103 opaque [module /[Default VFS]/] >Accepting operation type 103 from module /[Default VFS]/ >Checking operation #104 (type 104, layer 0) >Making operation type 104 opaque [module /[Default VFS]/] >Accepting operation type 104 from module /[Default VFS]/ >Checking operation #105 (type 105, layer 0) >Making operation type 105 opaque [module /[Default VFS]/] >Accepting operation type 105 from module /[Default VFS]/ >Checking operation #106 (type 106, layer 0) >Making operation type 106 opaque [module /[Default VFS]/] >Accepting operation type 106 from module /[Default VFS]/ >Checking operation #107 (type 107, layer 0) >Making operation type 107 opaque [module /[Default VFS]/] >Accepting operation type 107 from module /[Default VFS]/ >Checking operation #108 (type 108, layer 0) >Making operation type 108 opaque [module /[Default VFS]/] >Accepting operation type 108 from module /[Default VFS]/ >Checking operation #109 (type 109, layer 0) >Making operation type 109 opaque [module /[Default VFS]/] >Accepting operation type 109 from module /[Default VFS]/ >Checking operation #110 (type 110, layer 0) >Making operation type 110 opaque [module /[Default VFS]/] >Accepting operation type 110 from module /[Default VFS]/ >claiming [IPC$] >Locking key 29320000020000004950 >Allocated locked data 0x0x7fb624085bd0 >Unlocking key 29320000020000004950 >user_ok_token: share IPC$ is ok for unix user nobody >is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name nobody, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\nobody, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >czc7487t0x (10.225.5.207) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 12841) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=IPC$ >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 10 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=101 >smb_mid=640 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=101 >smb_mid=640 >smt_wct=0 >smb_bcc=0 >got smb length of 39 >got message type 0x0 of len 0x27 >Transaction 11 of length 43 (0 toread) >size=39 >smb_com=0x74 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=704 >smt_wct=2 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_bcc=0 >switch message SMBulogoffX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >ulogoffX vuid=101 >got smb length of 35 >got message type 0x0 of len 0x23 >Transaction 12 of length 39 (0 toread) >size=35 >smb_com=0x71 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=101 >smb_mid=768 >smt_wct=0 >smb_bcc=0 >switch message SMBtdis (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >czc7487t0x (10.225.5.207) closed connection to service IPC$ >Yielding connection to IPC$ >Locking key 29320000020000004950 >Allocated locked data 0x0x7fb62407daa0 >Unlocking key 29320000020000004950 >vfs_ChDir to / >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >size=35 >smb_com=0x71 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=101 >smb_mid=768 >smt_wct=0 >smb_bcc=0 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 13 of length 94 (0 toread) >size=90 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=832 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 90 (0x5A) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=47 >[0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 >[0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 49 ...5...2 .3.2.\.I >[0020] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. >switch message SMBtconX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [IPC$] >making a connection to 'normal' service ipc$ >user_ok_token: share IPC$ is ok for unix user Administrator >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Finding user Administrator >Trying _Get_Pwnam(), username as lowercase is administrator >Trying _Get_Pwnam(), username as given is Administrator >Get_Pwnam_internals did find user [Administrator]! >set_conn_connectpath: service IPC$, connectpath = /tmp >Connect path is '/tmp' for service [IPC$] >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >Initialising default vfs hooks >Initialising custom vfs hooks from [/[Default VFS]/] >vfs_find_backend_entry called for /[Default VFS]/ >Successfully loaded vfs module [/[Default VFS]/] with the new modules system >Checking operation #0 (type 0, layer 0) >Making operation type 0 opaque [module /[Default VFS]/] >Accepting operation type 0 from module /[Default VFS]/ >Checking operation #1 (type 1, layer 0) >Making operation type 1 opaque [module /[Default VFS]/] >Accepting operation type 1 from module /[Default VFS]/ >Checking operation #2 (type 2, layer 0) >Making operation type 2 opaque [module /[Default VFS]/] >Accepting operation type 2 from module /[Default VFS]/ >Checking operation #3 (type 3, layer 0) >Making operation type 3 opaque [module /[Default VFS]/] >Accepting operation type 3 from module /[Default VFS]/ >Checking operation #4 (type 4, layer 0) >Making operation type 4 opaque [module /[Default VFS]/] >Accepting operation type 4 from module /[Default VFS]/ >Checking operation #5 (type 5, layer 0) >Making operation type 5 opaque [module /[Default VFS]/] >Accepting operation type 5 from module /[Default VFS]/ >Checking operation #6 (type 6, layer 0) >Making operation type 6 opaque [module /[Default VFS]/] >Accepting operation type 6 from module /[Default VFS]/ >Checking operation #7 (type 7, layer 0) >Making operation type 7 opaque [module /[Default VFS]/] >Accepting operation type 7 from module /[Default VFS]/ >Checking operation #8 (type 8, layer 0) >Making operation type 8 opaque [module /[Default VFS]/] >Accepting operation type 8 from module /[Default VFS]/ >Checking operation #9 (type 9, layer 0) >Making operation type 9 opaque [module /[Default VFS]/] >Accepting operation type 9 from module /[Default VFS]/ >Checking operation #10 (type 10, layer 0) >Making operation type 10 opaque [module /[Default VFS]/] >Accepting operation type 10 from module /[Default VFS]/ >Checking operation #11 (type 11, layer 0) >Making operation type 11 opaque [module /[Default VFS]/] >Accepting operation type 11 from module /[Default VFS]/ >Checking operation #12 (type 12, layer 0) >Making operation type 12 opaque [module /[Default VFS]/] >Accepting operation type 12 from module /[Default VFS]/ >Checking operation #13 (type 13, layer 0) >Making operation type 13 opaque [module /[Default VFS]/] >Accepting operation type 13 from module /[Default VFS]/ >Checking operation #14 (type 14, layer 0) >Making operation type 14 opaque [module /[Default VFS]/] >Accepting operation type 14 from module /[Default VFS]/ >Checking operation #15 (type 15, layer 0) >Making operation type 15 opaque [module /[Default VFS]/] >Accepting operation type 15 from module /[Default VFS]/ >Checking operation #16 (type 16, layer 0) >Making operation type 16 opaque [module /[Default VFS]/] >Accepting operation type 16 from module /[Default VFS]/ >Checking operation #17 (type 17, layer 0) >Making operation type 17 opaque [module /[Default VFS]/] >Accepting operation type 17 from module /[Default VFS]/ >Checking operation #18 (type 18, layer 0) >Making operation type 18 opaque [module /[Default VFS]/] >Accepting operation type 18 from module /[Default VFS]/ >Checking operation #19 (type 19, layer 0) >Making operation type 19 opaque [module /[Default VFS]/] >Accepting operation type 19 from module /[Default VFS]/ >Checking operation #20 (type 20, layer 0) >Making operation type 20 opaque [module /[Default VFS]/] >Accepting operation type 20 from module /[Default VFS]/ >Checking operation #21 (type 21, layer 0) >Making operation type 21 opaque [module /[Default VFS]/] >Accepting operation type 21 from module /[Default VFS]/ >Checking operation #22 (type 22, layer 0) >Making operation type 22 opaque [module /[Default VFS]/] >Accepting operation type 22 from module /[Default VFS]/ >Checking operation #23 (type 23, layer 0) >Making operation type 23 opaque [module /[Default VFS]/] >Accepting operation type 23 from module /[Default VFS]/ >Checking operation #24 (type 24, layer 0) >Making operation type 24 opaque [module /[Default VFS]/] >Accepting operation type 24 from module /[Default VFS]/ >Checking operation #25 (type 25, layer 0) >Making operation type 25 opaque [module /[Default VFS]/] >Accepting operation type 25 from module /[Default VFS]/ >Checking operation #26 (type 26, layer 0) >Making operation type 26 opaque [module /[Default VFS]/] >Accepting operation type 26 from module /[Default VFS]/ >Checking operation #27 (type 27, layer 0) >Making operation type 27 opaque [module /[Default VFS]/] >Accepting operation type 27 from module /[Default VFS]/ >Checking operation #28 (type 28, layer 0) >Making operation type 28 opaque [module /[Default VFS]/] >Accepting operation type 28 from module /[Default VFS]/ >Checking operation #29 (type 29, layer 0) >Making operation type 29 opaque [module /[Default VFS]/] >Accepting operation type 29 from module /[Default VFS]/ >Checking operation #30 (type 30, layer 0) >Making operation type 30 opaque [module /[Default VFS]/] >Accepting operation type 30 from module /[Default VFS]/ >Checking operation #31 (type 31, layer 0) >Making operation type 31 opaque [module /[Default VFS]/] >Accepting operation type 31 from module /[Default VFS]/ >Checking operation #32 (type 32, layer 0) >Making operation type 32 opaque [module /[Default VFS]/] >Accepting operation type 32 from module /[Default VFS]/ >Checking operation #33 (type 33, layer 0) >Making operation type 33 opaque [module /[Default VFS]/] >Accepting operation type 33 from module /[Default VFS]/ >Checking operation #34 (type 34, layer 0) >Making operation type 34 opaque [module /[Default VFS]/] >Accepting operation type 34 from module /[Default VFS]/ >Checking operation #35 (type 35, layer 0) >Making operation type 35 opaque [module /[Default VFS]/] >Accepting operation type 35 from module /[Default VFS]/ >Checking operation #36 (type 36, layer 0) >Making operation type 36 opaque [module /[Default VFS]/] >Accepting operation type 36 from module /[Default VFS]/ >Checking operation #37 (type 37, layer 0) >Making operation type 37 opaque [module /[Default VFS]/] >Accepting operation type 37 from module /[Default VFS]/ >Checking operation #38 (type 38, layer 0) >Making operation type 38 opaque [module /[Default VFS]/] >Accepting operation type 38 from module /[Default VFS]/ >Checking operation #39 (type 39, layer 0) >Making operation type 39 opaque [module /[Default VFS]/] >Accepting operation type 39 from module /[Default VFS]/ >Checking operation #40 (type 40, layer 0) >Making operation type 40 opaque [module /[Default VFS]/] >Accepting operation type 40 from module /[Default VFS]/ >Checking operation #41 (type 41, layer 0) >Making operation type 41 opaque [module /[Default VFS]/] >Accepting operation type 41 from module /[Default VFS]/ >Checking operation #42 (type 42, layer 0) >Making operation type 42 opaque [module /[Default VFS]/] >Accepting operation type 42 from module /[Default VFS]/ >Checking operation #43 (type 43, layer 0) >Making operation type 43 opaque [module /[Default VFS]/] >Accepting operation type 43 from module /[Default VFS]/ >Checking operation #44 (type 44, layer 0) >Making operation type 44 opaque [module /[Default VFS]/] >Accepting operation type 44 from module /[Default VFS]/ >Checking operation #45 (type 45, layer 0) >Making operation type 45 opaque [module /[Default VFS]/] >Accepting operation type 45 from module /[Default VFS]/ >Checking operation #46 (type 46, layer 0) >Making operation type 46 opaque [module /[Default VFS]/] >Accepting operation type 46 from module /[Default VFS]/ >Checking operation #47 (type 47, layer 0) >Making operation type 47 opaque [module /[Default VFS]/] >Accepting operation type 47 from module /[Default VFS]/ >Checking operation #48 (type 48, layer 0) >Making operation type 48 opaque [module /[Default VFS]/] >Accepting operation type 48 from module /[Default VFS]/ >Checking operation #49 (type 49, layer 0) >Making operation type 49 opaque [module /[Default VFS]/] >Accepting operation type 49 from module /[Default VFS]/ >Checking operation #50 (type 50, layer 0) >Making operation type 50 opaque [module /[Default VFS]/] >Accepting operation type 50 from module /[Default VFS]/ >Checking operation #51 (type 51, layer 0) >Making operation type 51 opaque [module /[Default VFS]/] >Accepting operation type 51 from module /[Default VFS]/ >Checking operation #52 (type 52, layer 0) >Making operation type 52 opaque [module /[Default VFS]/] >Accepting operation type 52 from module /[Default VFS]/ >Checking operation #53 (type 53, layer 0) >Making operation type 53 opaque [module /[Default VFS]/] >Accepting operation type 53 from module /[Default VFS]/ >Checking operation #54 (type 54, layer 0) >Making operation type 54 opaque [module /[Default VFS]/] >Accepting operation type 54 from module /[Default VFS]/ >Checking operation #55 (type 55, layer 0) >Making operation type 55 opaque [module /[Default VFS]/] >Accepting operation type 55 from module /[Default VFS]/ >Checking operation #56 (type 56, layer 0) >Making operation type 56 opaque [module /[Default VFS]/] >Accepting operation type 56 from module /[Default VFS]/ >Checking operation #57 (type 57, layer 0) >Making operation type 57 opaque [module /[Default VFS]/] >Accepting operation type 57 from module /[Default VFS]/ >Checking operation #58 (type 58, layer 0) >Making operation type 58 opaque [module /[Default VFS]/] >Accepting operation type 58 from module /[Default VFS]/ >Checking operation #59 (type 59, layer 0) >Making operation type 59 opaque [module /[Default VFS]/] >Accepting operation type 59 from module /[Default VFS]/ >Checking operation #60 (type 60, layer 0) >Making operation type 60 opaque [module /[Default VFS]/] >Accepting operation type 60 from module /[Default VFS]/ >Checking operation #61 (type 61, layer 0) >Making operation type 61 opaque [module /[Default VFS]/] >Accepting operation type 61 from module /[Default VFS]/ >Checking operation #62 (type 62, layer 0) >Making operation type 62 opaque [module /[Default VFS]/] >Accepting operation type 62 from module /[Default VFS]/ >Checking operation #63 (type 63, layer 0) >Making operation type 63 opaque [module /[Default VFS]/] >Accepting operation type 63 from module /[Default VFS]/ >Checking operation #64 (type 64, layer 0) >Making operation type 64 opaque [module /[Default VFS]/] >Accepting operation type 64 from module /[Default VFS]/ >Checking operation #65 (type 65, layer 0) >Making operation type 65 opaque [module /[Default VFS]/] >Accepting operation type 65 from module /[Default VFS]/ >Checking operation #66 (type 66, layer 0) >Making operation type 66 opaque [module /[Default VFS]/] >Accepting operation type 66 from module /[Default VFS]/ >Checking operation #67 (type 67, layer 0) >Making operation type 67 opaque [module /[Default VFS]/] >Accepting operation type 67 from module /[Default VFS]/ >Checking operation #68 (type 68, layer 0) >Making operation type 68 opaque [module /[Default VFS]/] >Accepting operation type 68 from module /[Default VFS]/ >Checking operation #69 (type 69, layer 0) >Making operation type 69 opaque [module /[Default VFS]/] >Accepting operation type 69 from module /[Default VFS]/ >Checking operation #70 (type 70, layer 0) >Making operation type 70 opaque [module /[Default VFS]/] >Accepting operation type 70 from module /[Default VFS]/ >Checking operation #71 (type 71, layer 0) >Making operation type 71 opaque [module /[Default VFS]/] >Accepting operation type 71 from module /[Default VFS]/ >Checking operation #72 (type 72, layer 0) >Making operation type 72 opaque [module /[Default VFS]/] >Accepting operation type 72 from module /[Default VFS]/ >Checking operation #73 (type 73, layer 0) >Making operation type 73 opaque [module /[Default VFS]/] >Accepting operation type 73 from module /[Default VFS]/ >Checking operation #74 (type 74, layer 0) >Making operation type 74 opaque [module /[Default VFS]/] >Accepting operation type 74 from module /[Default VFS]/ >Checking operation #75 (type 75, layer 0) >Making operation type 75 opaque [module /[Default VFS]/] >Accepting operation type 75 from module /[Default VFS]/ >Checking operation #76 (type 76, layer 0) >Making operation type 76 opaque [module /[Default VFS]/] >Accepting operation type 76 from module /[Default VFS]/ >Checking operation #77 (type 77, layer 0) >Making operation type 77 opaque [module /[Default VFS]/] >Accepting operation type 77 from module /[Default VFS]/ >Checking operation #78 (type 78, layer 0) >Making operation type 78 opaque [module /[Default VFS]/] >Accepting operation type 78 from module /[Default VFS]/ >Checking operation #79 (type 79, layer 0) >Making operation type 79 opaque [module /[Default VFS]/] >Accepting operation type 79 from module /[Default VFS]/ >Checking operation #80 (type 80, layer 0) >Making operation type 80 opaque [module /[Default VFS]/] >Accepting operation type 80 from module /[Default VFS]/ >Checking operation #81 (type 81, layer 0) >Making operation type 81 opaque [module /[Default VFS]/] >Accepting operation type 81 from module /[Default VFS]/ >Checking operation #82 (type 82, layer 0) >Making operation type 82 opaque [module /[Default VFS]/] >Accepting operation type 82 from module /[Default VFS]/ >Checking operation #83 (type 83, layer 0) >Making operation type 83 opaque [module /[Default VFS]/] >Accepting operation type 83 from module /[Default VFS]/ >Checking operation #84 (type 84, layer 0) >Making operation type 84 opaque [module /[Default VFS]/] >Accepting operation type 84 from module /[Default VFS]/ >Checking operation #85 (type 85, layer 0) >Making operation type 85 opaque [module /[Default VFS]/] >Accepting operation type 85 from module /[Default VFS]/ >Checking operation #86 (type 86, layer 0) >Making operation type 86 opaque [module /[Default VFS]/] >Accepting operation type 86 from module /[Default VFS]/ >Checking operation #87 (type 87, layer 0) >Making operation type 87 opaque [module /[Default VFS]/] >Accepting operation type 87 from module /[Default VFS]/ >Checking operation #88 (type 88, layer 0) >Making operation type 88 opaque [module /[Default VFS]/] >Accepting operation type 88 from module /[Default VFS]/ >Checking operation #89 (type 89, layer 0) >Making operation type 89 opaque [module /[Default VFS]/] >Accepting operation type 89 from module /[Default VFS]/ >Checking operation #90 (type 90, layer 0) >Making operation type 90 opaque [module /[Default VFS]/] >Accepting operation type 90 from module /[Default VFS]/ >Checking operation #91 (type 91, layer 0) >Making operation type 91 opaque [module /[Default VFS]/] >Accepting operation type 91 from module /[Default VFS]/ >Checking operation #92 (type 92, layer 0) >Making operation type 92 opaque [module /[Default VFS]/] >Accepting operation type 92 from module /[Default VFS]/ >Checking operation #93 (type 93, layer 0) >Making operation type 93 opaque [module /[Default VFS]/] >Accepting operation type 93 from module /[Default VFS]/ >Checking operation #94 (type 94, layer 0) >Making operation type 94 opaque [module /[Default VFS]/] >Accepting operation type 94 from module /[Default VFS]/ >Checking operation #95 (type 95, layer 0) >Making operation type 95 opaque [module /[Default VFS]/] >Accepting operation type 95 from module /[Default VFS]/ >Checking operation #96 (type 96, layer 0) >Making operation type 96 opaque [module /[Default VFS]/] >Accepting operation type 96 from module /[Default VFS]/ >Checking operation #97 (type 97, layer 0) >Making operation type 97 opaque [module /[Default VFS]/] >Accepting operation type 97 from module /[Default VFS]/ >Checking operation #98 (type 98, layer 0) >Making operation type 98 opaque [module /[Default VFS]/] >Accepting operation type 98 from module /[Default VFS]/ >Checking operation #99 (type 99, layer 0) >Making operation type 99 opaque [module /[Default VFS]/] >Accepting operation type 99 from module /[Default VFS]/ >Checking operation #100 (type 100, layer 0) >Making operation type 100 opaque [module /[Default VFS]/] >Accepting operation type 100 from module /[Default VFS]/ >Checking operation #101 (type 101, layer 0) >Making operation type 101 opaque [module /[Default VFS]/] >Accepting operation type 101 from module /[Default VFS]/ >Checking operation #102 (type 102, layer 0) >Making operation type 102 opaque [module /[Default VFS]/] >Accepting operation type 102 from module /[Default VFS]/ >Checking operation #103 (type 103, layer 0) >Making operation type 103 opaque [module /[Default VFS]/] >Accepting operation type 103 from module /[Default VFS]/ >Checking operation #104 (type 104, layer 0) >Making operation type 104 opaque [module /[Default VFS]/] >Accepting operation type 104 from module /[Default VFS]/ >Checking operation #105 (type 105, layer 0) >Making operation type 105 opaque [module /[Default VFS]/] >Accepting operation type 105 from module /[Default VFS]/ >Checking operation #106 (type 106, layer 0) >Making operation type 106 opaque [module /[Default VFS]/] >Accepting operation type 106 from module /[Default VFS]/ >Checking operation #107 (type 107, layer 0) >Making operation type 107 opaque [module /[Default VFS]/] >Accepting operation type 107 from module /[Default VFS]/ >Checking operation #108 (type 108, layer 0) >Making operation type 108 opaque [module /[Default VFS]/] >Accepting operation type 108 from module /[Default VFS]/ >Checking operation #109 (type 109, layer 0) >Making operation type 109 opaque [module /[Default VFS]/] >Accepting operation type 109 from module /[Default VFS]/ >Checking operation #110 (type 110, layer 0) >Making operation type 110 opaque [module /[Default VFS]/] >Accepting operation type 110 from module /[Default VFS]/ >claiming [IPC$] >Locking key 29320000020000004950 >Allocated locked data 0x0x7fb624085c10 >Unlocking key 29320000020000004950 >user_ok_token: share IPC$ is ok for unix user Administrator >is_share_read_only_for_user: share IPC$ is read-only for unix user Administrator >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >czc7487t0x (10.225.5.207) connect to service IPC$ initially as user Administrator (uid=123, gid=123) (pid 12841) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=IPC$ >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 14 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=896 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /tmp >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16009, fnum = 20105 (1 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >Finding user Administrator >Trying _Get_Pwnam(), username as lowercase is administrator >Trying _Get_Pwnam(), username as given is Administrator >Get_Pwnam_internals did find user [Administrator]! >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 15 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=960 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20105 (0x4E89) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e89) >api_fd_reply: p:0x7fb6240754f0 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406a280 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406a280 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=960 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 16 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1024 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20105 (0x4E89) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 4C DF 7A 10 0F 00 00 .L...... .L.z.... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e89) >api_fd_reply: p:0x7fb6240754f0 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406a280 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406a280 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1024 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 17 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=1088 >smt_wct=3 >smb_vwv[ 0]=20105 (0x4E89) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20105 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20105 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=1088 >smt_wct=0 >smb_bcc=0 >got smb length of 206 >got message type 0x0 of len 0xce >Transaction 18 of length 210 (0 toread) >size=206 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=1152 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 206 (0xCE) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 1 (0x1) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 74 (0x4A) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=147 >[0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. >[0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* >[0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... >[0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0040] 00 00 05 00 93 08 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n >[0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 >[0060] 00 30 00 20 00 32 00 31 00 39 00 35 00 00 00 57 .0. .2.1 .9.5...W >[0070] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0080] 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 .0.0.0. .5...0.. >[0090] 00 00 00 ... >switch message SMBsesssetupX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >register_initial_vuid: allocated vuid = 102 >check_spnego_blob_complete: needed_len = 74, pblob->length = 74 >parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >reply_spnego_negotiate: Got secblob of size 40 >Making default auth method list for security=server >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match smbserver >load_auth_module: auth method smbserver has a valid init >Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: getting challenge from module smbserver >Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found >sitename_fetch: No stored sitename for >internal_resolve_name: looking up *#20 (sitename (null)) >Returning valid cache entry: key = NBT/*#20, value = 10.225.3.7:0,10.225.3.6:0,10.225.3.35:0,10.225.3.21:0,10.225.3.193:0,10.225.3.15:0, timeout = Tue Feb 23 09:16:57 2010 >name *#20 found. >s3_event: Added timed event "tevent_req_timedout": 0x7fb624086680 >s3_event: Added timed event "tevent_req_timedout": 0x7fb62406a850 >Running timed event "tevent_req_timedout" 0x7fb624086680 >s3_event: Destroying timer event 0x7fb624086680 "tevent_req_timedout" >s3_event: Added timed event "tevent_req_timedout": 0x7fb624069ce0 >Connecting to 10.225.3.7 at port 445 >s3_event: Added timed event "tevent_req_timedout": 0x7fb62407b970 >connect returned Connection refused >s3_event: Destroying timer event 0x7fb62407b970 "tevent_req_timedout" >s3_event: Destroying timer event 0x7fb624069ce0 "tevent_req_timedout" >Running timed event "tevent_req_timedout" 0x7fb62406a850 >s3_event: Destroying timer event 0x7fb62406a850 "tevent_req_timedout" >s3_event: Added timed event "tevent_req_timedout": 0x7fb62407bc10 >Connecting to 10.225.3.7 at port 139 >s3_event: Added timed event "tevent_req_timedout": 0x7fb624081100 >connect returned Connection refused >s3_event: Destroying timer event 0x7fb624081100 "tevent_req_timedout" >s3_event: Destroying timer event 0x7fb62407bc10 "tevent_req_timedout" >Error connecting to 10.225.3.7 (Connection refused) >server_cryptkey: failed to connect to server *. Error NT_STATUS_CONNECTION_REFUSED >password server not available >auth_get_challenge: getting challenge from authentication method smbserver FAILED. >auth_context challenge created by random >challenge is: >[0000] D4 90 79 B9 C0 C7 3C E0 ..y...<. >size=318 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=1152 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 221 (0xDD) >smb_bcc=275 >[0000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[0010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N >[0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 >[0030] 00 00 00 15 82 8A E2 D4 90 79 B9 C0 C7 3C E0 00 ........ .y...<.. >[0040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 54 ........ ...<...T >[0050] 00 45 00 53 00 54 00 50 00 43 00 02 00 0C 00 54 .E.S.T.P .C.....T >[0060] 00 45 00 53 00 54 00 50 00 43 00 01 00 0C 00 54 .E.S.T.P .C.....T >[0070] 00 45 00 53 00 54 00 50 00 43 00 04 00 1E 00 63 .E.S.T.P .C.....c >[0080] 00 6C 00 69 00 65 00 6E 00 74 00 73 00 2E 00 61 .l.i.e.n .t.s...a >[0090] 00 68 00 75 00 73 00 2E 00 6E 00 6F 00 03 00 38 .h.u.s.. .n.o...8 >[00A0] 00 65 00 72 00 73 00 6F 00 2D 00 64 00 65 00 73 .e.r.s.o .-.d.e.s >[00B0] 00 6B 00 74 00 6F 00 70 00 2E 00 63 00 6C 00 69 .k.t.o.p ...c.l.i >[00C0] 00 65 00 6E 00 74 00 73 00 2E 00 61 00 68 00 75 .e.n.t.s ...a.h.u >[00D0] 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 55 00 6E .s...n.o .....U.n >[00E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a >[00F0] 00 20 00 33 00 2E 00 34 00 2E 00 35 00 00 00 54 . .3...4 ...5...T >[0100] 00 45 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 .E.S.T.G .R.O.U.P >[0110] 00 00 00 ... >got smb length of 248 >got message type 0x0 of len 0xf8 >Transaction 19 of length 252 (0 toread) >size=248 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=1216 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 248 (0xF8) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 1 (0x1) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 117 (0x75) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=189 >[0000] A1 73 30 71 A2 6F 04 6D 4E 54 4C 4D 53 53 50 00 .s0q.o.m NTLMSSP. >[0010] 03 00 00 00 01 00 01 00 5C 00 00 00 00 00 00 00 ........ \....... >[0020] 5D 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 ]....... H....... >[0030] 48 00 00 00 14 00 14 00 48 00 00 00 10 00 10 00 H....... H....... >[0040] 5D 00 00 00 15 8A 88 E2 05 00 93 08 00 00 00 0F ]....... ........ >[0050] 43 00 5A 00 43 00 37 00 34 00 38 00 37 00 54 00 C.Z.C.7. 4.8.7.T. >[0060] 30 00 58 00 00 8A 8A 93 90 34 CE 0A 5B CC DF 36 0.X..... .4..[..6 >[0070] 9B A6 78 9D 23 57 00 69 00 6E 00 64 00 6F 00 77 ..x.#W.i .n.d.o.w >[0080] 00 73 00 20 00 32 00 30 00 30 00 30 00 20 00 32 .s. .2.0 .0.0. .2 >[0090] 00 31 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 .1.9.5.. .W.i.n.d >[00A0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 >[00B0] 00 20 00 35 00 2E 00 30 00 00 00 00 00 . .5...0 ..... >switch message SMBsesssetupX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >check_spnego_blob_complete: needed_len = 117, pblob->length = 117 >Got user=[] domain=[] workstation=[CZC7487T0X] len1=1 len2=0 >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >Mapping user []\[] from workstation [CZC7487T0X] >Mapped domain from [] to [TESTPC] for user [] from workstation [CZC7487T0X] >attempting to make a user_info for () >making strings for 's user_info struct >making blobs for 's user_info struct >made an encrypted user_info for () >check_ntlm_password: Checking password for unmapped user []\[]@[CZC7487T0X] with the new password interface >check_ntlm_password: mapped user is: [TESTPC]\[]@[CZC7487T0X] >check_ntlm_password: auth_context challenge created by random >challenge is: >[0000] D4 90 79 B9 C0 C7 3C E0 ..y...<. >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name nobody, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\nobody, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >check_ntlm_password: guest authentication for user [] succeeded >check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >attempting to free (and zero) a user_info structure >structure was created for >Create local NT token for S-1-5-21-783145419-1966905550-2589541370-501 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >winbind failed to find a gid for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-544 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >winbind failed to find a gid for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-545 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Failed to fetch domain sid for TESTGROUP >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-501] >get_privileges_for_sids: sid = S-1-1-0 >Privilege set: >SE_PRIV 0x0 0x0 0x0 0x0 >get_privileges: No privileges assigned to SID [S-1-5-2] >get_privileges: No privileges assigned to SID [S-1-5-32-546] >Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found >winbind failed to find a gid for sid S-1-1-0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-1-0 >Could not convert SID S-1-1-0 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found >winbind failed to find a gid for sid S-1-5-2 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-2 >Could not convert SID S-1-5-2 to gid, ignoring it >Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found >winbind failed to find a gid for sid S-1-5-32-546 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >LEGACY: mapping failed for sid S-1-5-32-546 >Could not convert SID S-1-5-32-546 to gid, ignoring it >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >Got NT session key of length 16 >Got LM session key of length 16 >ntlmssp_server_auth: Using unmodified nt session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >register_existing_vuid: (65534,65533) nobody TESTPC guest=1 >register_existing_vuid: User name: nobody Real name: nobody >register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 102 >lp_file_list_changed() >file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 > >size=106 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=1216 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=63 >[0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x >[0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 >[0020] 00 2E 00 34 00 2E 00 35 00 00 00 54 00 45 00 53 ...4...5 ...T.E.S >[0030] 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 00 .T.G.R.O .U.P... >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 20 of length 94 (0 toread) >size=90 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=1280 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 90 (0x5A) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=47 >[0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 >[0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 49 ...5...2 .3.2.\.I >[0020] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. >switch message SMBtconX (pid 12841) conn 0x0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [IPC$] >making a connection to 'normal' service ipc$ >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name nobody, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\nobody, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >Finding user nobody >Trying _Get_Pwnam(), username as lowercase is nobody >Get_Pwnam_internals did find user [nobody]! >set_conn_connectpath: service IPC$, connectpath = /tmp >Connect path is '/tmp' for service [IPC$] >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >Initialising default vfs hooks >Initialising custom vfs hooks from [/[Default VFS]/] >vfs_find_backend_entry called for /[Default VFS]/ >Successfully loaded vfs module [/[Default VFS]/] with the new modules system >Checking operation #0 (type 0, layer 0) >Making operation type 0 opaque [module /[Default VFS]/] >Accepting operation type 0 from module /[Default VFS]/ >Checking operation #1 (type 1, layer 0) >Making operation type 1 opaque [module /[Default VFS]/] >Accepting operation type 1 from module /[Default VFS]/ >Checking operation #2 (type 2, layer 0) >Making operation type 2 opaque [module /[Default VFS]/] >Accepting operation type 2 from module /[Default VFS]/ >Checking operation #3 (type 3, layer 0) >Making operation type 3 opaque [module /[Default VFS]/] >Accepting operation type 3 from module /[Default VFS]/ >Checking operation #4 (type 4, layer 0) >Making operation type 4 opaque [module /[Default VFS]/] >Accepting operation type 4 from module /[Default VFS]/ >Checking operation #5 (type 5, layer 0) >Making operation type 5 opaque [module /[Default VFS]/] >Accepting operation type 5 from module /[Default VFS]/ >Checking operation #6 (type 6, layer 0) >Making operation type 6 opaque [module /[Default VFS]/] >Accepting operation type 6 from module /[Default VFS]/ >Checking operation #7 (type 7, layer 0) >Making operation type 7 opaque [module /[Default VFS]/] >Accepting operation type 7 from module /[Default VFS]/ >Checking operation #8 (type 8, layer 0) >Making operation type 8 opaque [module /[Default VFS]/] >Accepting operation type 8 from module /[Default VFS]/ >Checking operation #9 (type 9, layer 0) >Making operation type 9 opaque [module /[Default VFS]/] >Accepting operation type 9 from module /[Default VFS]/ >Checking operation #10 (type 10, layer 0) >Making operation type 10 opaque [module /[Default VFS]/] >Accepting operation type 10 from module /[Default VFS]/ >Checking operation #11 (type 11, layer 0) >Making operation type 11 opaque [module /[Default VFS]/] >Accepting operation type 11 from module /[Default VFS]/ >Checking operation #12 (type 12, layer 0) >Making operation type 12 opaque [module /[Default VFS]/] >Accepting operation type 12 from module /[Default VFS]/ >Checking operation #13 (type 13, layer 0) >Making operation type 13 opaque [module /[Default VFS]/] >Accepting operation type 13 from module /[Default VFS]/ >Checking operation #14 (type 14, layer 0) >Making operation type 14 opaque [module /[Default VFS]/] >Accepting operation type 14 from module /[Default VFS]/ >Checking operation #15 (type 15, layer 0) >Making operation type 15 opaque [module /[Default VFS]/] >Accepting operation type 15 from module /[Default VFS]/ >Checking operation #16 (type 16, layer 0) >Making operation type 16 opaque [module /[Default VFS]/] >Accepting operation type 16 from module /[Default VFS]/ >Checking operation #17 (type 17, layer 0) >Making operation type 17 opaque [module /[Default VFS]/] >Accepting operation type 17 from module /[Default VFS]/ >Checking operation #18 (type 18, layer 0) >Making operation type 18 opaque [module /[Default VFS]/] >Accepting operation type 18 from module /[Default VFS]/ >Checking operation #19 (type 19, layer 0) >Making operation type 19 opaque [module /[Default VFS]/] >Accepting operation type 19 from module /[Default VFS]/ >Checking operation #20 (type 20, layer 0) >Making operation type 20 opaque [module /[Default VFS]/] >Accepting operation type 20 from module /[Default VFS]/ >Checking operation #21 (type 21, layer 0) >Making operation type 21 opaque [module /[Default VFS]/] >Accepting operation type 21 from module /[Default VFS]/ >Checking operation #22 (type 22, layer 0) >Making operation type 22 opaque [module /[Default VFS]/] >Accepting operation type 22 from module /[Default VFS]/ >Checking operation #23 (type 23, layer 0) >Making operation type 23 opaque [module /[Default VFS]/] >Accepting operation type 23 from module /[Default VFS]/ >Checking operation #24 (type 24, layer 0) >Making operation type 24 opaque [module /[Default VFS]/] >Accepting operation type 24 from module /[Default VFS]/ >Checking operation #25 (type 25, layer 0) >Making operation type 25 opaque [module /[Default VFS]/] >Accepting operation type 25 from module /[Default VFS]/ >Checking operation #26 (type 26, layer 0) >Making operation type 26 opaque [module /[Default VFS]/] >Accepting operation type 26 from module /[Default VFS]/ >Checking operation #27 (type 27, layer 0) >Making operation type 27 opaque [module /[Default VFS]/] >Accepting operation type 27 from module /[Default VFS]/ >Checking operation #28 (type 28, layer 0) >Making operation type 28 opaque [module /[Default VFS]/] >Accepting operation type 28 from module /[Default VFS]/ >Checking operation #29 (type 29, layer 0) >Making operation type 29 opaque [module /[Default VFS]/] >Accepting operation type 29 from module /[Default VFS]/ >Checking operation #30 (type 30, layer 0) >Making operation type 30 opaque [module /[Default VFS]/] >Accepting operation type 30 from module /[Default VFS]/ >Checking operation #31 (type 31, layer 0) >Making operation type 31 opaque [module /[Default VFS]/] >Accepting operation type 31 from module /[Default VFS]/ >Checking operation #32 (type 32, layer 0) >Making operation type 32 opaque [module /[Default VFS]/] >Accepting operation type 32 from module /[Default VFS]/ >Checking operation #33 (type 33, layer 0) >Making operation type 33 opaque [module /[Default VFS]/] >Accepting operation type 33 from module /[Default VFS]/ >Checking operation #34 (type 34, layer 0) >Making operation type 34 opaque [module /[Default VFS]/] >Accepting operation type 34 from module /[Default VFS]/ >Checking operation #35 (type 35, layer 0) >Making operation type 35 opaque [module /[Default VFS]/] >Accepting operation type 35 from module /[Default VFS]/ >Checking operation #36 (type 36, layer 0) >Making operation type 36 opaque [module /[Default VFS]/] >Accepting operation type 36 from module /[Default VFS]/ >Checking operation #37 (type 37, layer 0) >Making operation type 37 opaque [module /[Default VFS]/] >Accepting operation type 37 from module /[Default VFS]/ >Checking operation #38 (type 38, layer 0) >Making operation type 38 opaque [module /[Default VFS]/] >Accepting operation type 38 from module /[Default VFS]/ >Checking operation #39 (type 39, layer 0) >Making operation type 39 opaque [module /[Default VFS]/] >Accepting operation type 39 from module /[Default VFS]/ >Checking operation #40 (type 40, layer 0) >Making operation type 40 opaque [module /[Default VFS]/] >Accepting operation type 40 from module /[Default VFS]/ >Checking operation #41 (type 41, layer 0) >Making operation type 41 opaque [module /[Default VFS]/] >Accepting operation type 41 from module /[Default VFS]/ >Checking operation #42 (type 42, layer 0) >Making operation type 42 opaque [module /[Default VFS]/] >Accepting operation type 42 from module /[Default VFS]/ >Checking operation #43 (type 43, layer 0) >Making operation type 43 opaque [module /[Default VFS]/] >Accepting operation type 43 from module /[Default VFS]/ >Checking operation #44 (type 44, layer 0) >Making operation type 44 opaque [module /[Default VFS]/] >Accepting operation type 44 from module /[Default VFS]/ >Checking operation #45 (type 45, layer 0) >Making operation type 45 opaque [module /[Default VFS]/] >Accepting operation type 45 from module /[Default VFS]/ >Checking operation #46 (type 46, layer 0) >Making operation type 46 opaque [module /[Default VFS]/] >Accepting operation type 46 from module /[Default VFS]/ >Checking operation #47 (type 47, layer 0) >Making operation type 47 opaque [module /[Default VFS]/] >Accepting operation type 47 from module /[Default VFS]/ >Checking operation #48 (type 48, layer 0) >Making operation type 48 opaque [module /[Default VFS]/] >Accepting operation type 48 from module /[Default VFS]/ >Checking operation #49 (type 49, layer 0) >Making operation type 49 opaque [module /[Default VFS]/] >Accepting operation type 49 from module /[Default VFS]/ >Checking operation #50 (type 50, layer 0) >Making operation type 50 opaque [module /[Default VFS]/] >Accepting operation type 50 from module /[Default VFS]/ >Checking operation #51 (type 51, layer 0) >Making operation type 51 opaque [module /[Default VFS]/] >Accepting operation type 51 from module /[Default VFS]/ >Checking operation #52 (type 52, layer 0) >Making operation type 52 opaque [module /[Default VFS]/] >Accepting operation type 52 from module /[Default VFS]/ >Checking operation #53 (type 53, layer 0) >Making operation type 53 opaque [module /[Default VFS]/] >Accepting operation type 53 from module /[Default VFS]/ >Checking operation #54 (type 54, layer 0) >Making operation type 54 opaque [module /[Default VFS]/] >Accepting operation type 54 from module /[Default VFS]/ >Checking operation #55 (type 55, layer 0) >Making operation type 55 opaque [module /[Default VFS]/] >Accepting operation type 55 from module /[Default VFS]/ >Checking operation #56 (type 56, layer 0) >Making operation type 56 opaque [module /[Default VFS]/] >Accepting operation type 56 from module /[Default VFS]/ >Checking operation #57 (type 57, layer 0) >Making operation type 57 opaque [module /[Default VFS]/] >Accepting operation type 57 from module /[Default VFS]/ >Checking operation #58 (type 58, layer 0) >Making operation type 58 opaque [module /[Default VFS]/] >Accepting operation type 58 from module /[Default VFS]/ >Checking operation #59 (type 59, layer 0) >Making operation type 59 opaque [module /[Default VFS]/] >Accepting operation type 59 from module /[Default VFS]/ >Checking operation #60 (type 60, layer 0) >Making operation type 60 opaque [module /[Default VFS]/] >Accepting operation type 60 from module /[Default VFS]/ >Checking operation #61 (type 61, layer 0) >Making operation type 61 opaque [module /[Default VFS]/] >Accepting operation type 61 from module /[Default VFS]/ >Checking operation #62 (type 62, layer 0) >Making operation type 62 opaque [module /[Default VFS]/] >Accepting operation type 62 from module /[Default VFS]/ >Checking operation #63 (type 63, layer 0) >Making operation type 63 opaque [module /[Default VFS]/] >Accepting operation type 63 from module /[Default VFS]/ >Checking operation #64 (type 64, layer 0) >Making operation type 64 opaque [module /[Default VFS]/] >Accepting operation type 64 from module /[Default VFS]/ >Checking operation #65 (type 65, layer 0) >Making operation type 65 opaque [module /[Default VFS]/] >Accepting operation type 65 from module /[Default VFS]/ >Checking operation #66 (type 66, layer 0) >Making operation type 66 opaque [module /[Default VFS]/] >Accepting operation type 66 from module /[Default VFS]/ >Checking operation #67 (type 67, layer 0) >Making operation type 67 opaque [module /[Default VFS]/] >Accepting operation type 67 from module /[Default VFS]/ >Checking operation #68 (type 68, layer 0) >Making operation type 68 opaque [module /[Default VFS]/] >Accepting operation type 68 from module /[Default VFS]/ >Checking operation #69 (type 69, layer 0) >Making operation type 69 opaque [module /[Default VFS]/] >Accepting operation type 69 from module /[Default VFS]/ >Checking operation #70 (type 70, layer 0) >Making operation type 70 opaque [module /[Default VFS]/] >Accepting operation type 70 from module /[Default VFS]/ >Checking operation #71 (type 71, layer 0) >Making operation type 71 opaque [module /[Default VFS]/] >Accepting operation type 71 from module /[Default VFS]/ >Checking operation #72 (type 72, layer 0) >Making operation type 72 opaque [module /[Default VFS]/] >Accepting operation type 72 from module /[Default VFS]/ >Checking operation #73 (type 73, layer 0) >Making operation type 73 opaque [module /[Default VFS]/] >Accepting operation type 73 from module /[Default VFS]/ >Checking operation #74 (type 74, layer 0) >Making operation type 74 opaque [module /[Default VFS]/] >Accepting operation type 74 from module /[Default VFS]/ >Checking operation #75 (type 75, layer 0) >Making operation type 75 opaque [module /[Default VFS]/] >Accepting operation type 75 from module /[Default VFS]/ >Checking operation #76 (type 76, layer 0) >Making operation type 76 opaque [module /[Default VFS]/] >Accepting operation type 76 from module /[Default VFS]/ >Checking operation #77 (type 77, layer 0) >Making operation type 77 opaque [module /[Default VFS]/] >Accepting operation type 77 from module /[Default VFS]/ >Checking operation #78 (type 78, layer 0) >Making operation type 78 opaque [module /[Default VFS]/] >Accepting operation type 78 from module /[Default VFS]/ >Checking operation #79 (type 79, layer 0) >Making operation type 79 opaque [module /[Default VFS]/] >Accepting operation type 79 from module /[Default VFS]/ >Checking operation #80 (type 80, layer 0) >Making operation type 80 opaque [module /[Default VFS]/] >Accepting operation type 80 from module /[Default VFS]/ >Checking operation #81 (type 81, layer 0) >Making operation type 81 opaque [module /[Default VFS]/] >Accepting operation type 81 from module /[Default VFS]/ >Checking operation #82 (type 82, layer 0) >Making operation type 82 opaque [module /[Default VFS]/] >Accepting operation type 82 from module /[Default VFS]/ >Checking operation #83 (type 83, layer 0) >Making operation type 83 opaque [module /[Default VFS]/] >Accepting operation type 83 from module /[Default VFS]/ >Checking operation #84 (type 84, layer 0) >Making operation type 84 opaque [module /[Default VFS]/] >Accepting operation type 84 from module /[Default VFS]/ >Checking operation #85 (type 85, layer 0) >Making operation type 85 opaque [module /[Default VFS]/] >Accepting operation type 85 from module /[Default VFS]/ >Checking operation #86 (type 86, layer 0) >Making operation type 86 opaque [module /[Default VFS]/] >Accepting operation type 86 from module /[Default VFS]/ >Checking operation #87 (type 87, layer 0) >Making operation type 87 opaque [module /[Default VFS]/] >Accepting operation type 87 from module /[Default VFS]/ >Checking operation #88 (type 88, layer 0) >Making operation type 88 opaque [module /[Default VFS]/] >Accepting operation type 88 from module /[Default VFS]/ >Checking operation #89 (type 89, layer 0) >Making operation type 89 opaque [module /[Default VFS]/] >Accepting operation type 89 from module /[Default VFS]/ >Checking operation #90 (type 90, layer 0) >Making operation type 90 opaque [module /[Default VFS]/] >Accepting operation type 90 from module /[Default VFS]/ >Checking operation #91 (type 91, layer 0) >Making operation type 91 opaque [module /[Default VFS]/] >Accepting operation type 91 from module /[Default VFS]/ >Checking operation #92 (type 92, layer 0) >Making operation type 92 opaque [module /[Default VFS]/] >Accepting operation type 92 from module /[Default VFS]/ >Checking operation #93 (type 93, layer 0) >Making operation type 93 opaque [module /[Default VFS]/] >Accepting operation type 93 from module /[Default VFS]/ >Checking operation #94 (type 94, layer 0) >Making operation type 94 opaque [module /[Default VFS]/] >Accepting operation type 94 from module /[Default VFS]/ >Checking operation #95 (type 95, layer 0) >Making operation type 95 opaque [module /[Default VFS]/] >Accepting operation type 95 from module /[Default VFS]/ >Checking operation #96 (type 96, layer 0) >Making operation type 96 opaque [module /[Default VFS]/] >Accepting operation type 96 from module /[Default VFS]/ >Checking operation #97 (type 97, layer 0) >Making operation type 97 opaque [module /[Default VFS]/] >Accepting operation type 97 from module /[Default VFS]/ >Checking operation #98 (type 98, layer 0) >Making operation type 98 opaque [module /[Default VFS]/] >Accepting operation type 98 from module /[Default VFS]/ >Checking operation #99 (type 99, layer 0) >Making operation type 99 opaque [module /[Default VFS]/] >Accepting operation type 99 from module /[Default VFS]/ >Checking operation #100 (type 100, layer 0) >Making operation type 100 opaque [module /[Default VFS]/] >Accepting operation type 100 from module /[Default VFS]/ >Checking operation #101 (type 101, layer 0) >Making operation type 101 opaque [module /[Default VFS]/] >Accepting operation type 101 from module /[Default VFS]/ >Checking operation #102 (type 102, layer 0) >Making operation type 102 opaque [module /[Default VFS]/] >Accepting operation type 102 from module /[Default VFS]/ >Checking operation #103 (type 103, layer 0) >Making operation type 103 opaque [module /[Default VFS]/] >Accepting operation type 103 from module /[Default VFS]/ >Checking operation #104 (type 104, layer 0) >Making operation type 104 opaque [module /[Default VFS]/] >Accepting operation type 104 from module /[Default VFS]/ >Checking operation #105 (type 105, layer 0) >Making operation type 105 opaque [module /[Default VFS]/] >Accepting operation type 105 from module /[Default VFS]/ >Checking operation #106 (type 106, layer 0) >Making operation type 106 opaque [module /[Default VFS]/] >Accepting operation type 106 from module /[Default VFS]/ >Checking operation #107 (type 107, layer 0) >Making operation type 107 opaque [module /[Default VFS]/] >Accepting operation type 107 from module /[Default VFS]/ >Checking operation #108 (type 108, layer 0) >Making operation type 108 opaque [module /[Default VFS]/] >Accepting operation type 108 from module /[Default VFS]/ >Checking operation #109 (type 109, layer 0) >Making operation type 109 opaque [module /[Default VFS]/] >Accepting operation type 109 from module /[Default VFS]/ >Checking operation #110 (type 110, layer 0) >Making operation type 110 opaque [module /[Default VFS]/] >Accepting operation type 110 from module /[Default VFS]/ >claiming [IPC$] >Locking key 29320000030000004950 >Allocated locked data 0x0x7fb624085c30 >Unlocking key 29320000030000004950 >user_ok_token: share IPC$ is ok for unix user nobody >is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username nobody, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name nobody, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\nobody, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >czc7487t0x (10.225.5.207) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 12841) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=IPC$ >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 21 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=1344 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=1344 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 22 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1408 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16010, fnum = 20106 (1 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 23 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1472 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20106 (0x4E8A) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e8a) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406acc0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406acc0 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1472 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 24 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1536 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20106 (0x4E8A) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 58 BC 7A 10 0F 00 00 .L...... .X.z.... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e8a) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077890 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077890 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1536 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 25 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=1600 >smt_wct=3 >smb_vwv[ 0]=20106 (0x4E8A) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20106 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20106 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=1600 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 26 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1664 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16011, fnum = 20107 (1 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 27 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1728 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20107 (0x4E8B) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e8b) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1728 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 28 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1792 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20107 (0x4E8B) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 A4 BE 7A 10 0F 00 00 .4...... ...z.... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e8b) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b80 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1792 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 29 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=1856 >smt_wct=3 >smb_vwv[ 0]=20107 (0x4E8B) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20107 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20107 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=1856 >smt_wct=0 >smb_bcc=0 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 30 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=1920 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=1920 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 31 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=1984 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16012, fnum = 20108 (1 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 32 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2048 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20108 (0x4E8C) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e8c) >api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406acc0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406acc0 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2048 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 33 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2112 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20108 (0x4E8C) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 90 C3 7A 10 0F 00 00 .L...... ...z.... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e8c) >api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077890 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077890 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2112 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 34 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=2176 >smt_wct=3 >smb_vwv[ 0]=20108 (0x4E8C) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20108 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20108 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=2176 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 35 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2240 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16013, fnum = 20109 (1 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 36 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2304 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20109 (0x4E8D) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e8d) >api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2304 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 37 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2368 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20109 (0x4E8D) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 DC C5 7A 10 0F 00 00 .4...... ...z.... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e8d) >api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b80 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2368 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 38 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=2432 >smt_wct=3 >smb_vwv[ 0]=20109 (0x4E8D) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20109 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20109 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=2432 >smt_wct=0 >smb_bcc=0 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 39 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=2496 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=2496 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 20 (0x14) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 20 (0x14) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=21 >[0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T >[0010] 00 46 00 53 00 .F.S. >SMBtrans2 info_level = 261 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 40 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=2560 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=2560 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 41 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2624 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16014, fnum = 20110 (1 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 42 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2688 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20110 (0x4E8E) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e8e) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406acc0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406acc0 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2688 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 43 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2752 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20110 (0x4E8E) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 E4 CE F5 00 0F 00 00 .L...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e8e) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077890 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077890 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2752 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 44 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=2816 >smt_wct=3 >smb_vwv[ 0]=20110 (0x4E8E) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20110 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20110 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=2816 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 45 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2880 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16015, fnum = 20111 (1 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 46 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2944 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20111 (0x4E8F) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e8f) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=2944 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 47 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3008 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20111 (0x4E8F) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 30 D1 F5 00 0F 00 00 .4...... .0...... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e8f) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b80 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3008 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 48 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=3072 >smt_wct=3 >smb_vwv[ 0]=20111 (0x4E8F) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20111 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20111 (0 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=3072 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 49 of length 104 (0 toread) >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3136 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 ........ .\.d.e.s >[0010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[0020] 00 00 00 ... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "desktop.ini" >stat_cache_lookup: lookup failed for name [DESKTOP.INI] >unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3136 >smt_wct=0 >smb_bcc=0 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 50 of length 90 (0 toread) >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3200 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "*" >stat_cache_lookup: lookup failed for name [*] >unix_convert begin: name = *, dirpath = , start = * >is_mangled * ? >is_mangled_component * (len 1) ? >is_mangled * ? >is_mangled_component * (len 1) ? >New file * >dir=./, mask = * >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset 0 >dos_mode: ./. >dos_mode_from_sbuf returning d >dos_mode returning d >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./. fname=. >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset 2147483648 >dos_mode: ./.. >dos_mode_from_sbuf returning d >dos_mode returning d >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./.. fname=.. >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset 1385932211 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 300, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 300, paramsize = 10, datasize = 300 >size=368 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3200 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 300 (0x12C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 300 (0x12C) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=313 >[0000] 00 FD FF 03 00 01 00 00 00 C4 00 00 00 60 00 00 ........ .....`.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 90 6A ......i. 1^.....j >[0020] 2A 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD *_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 10 00 00 00 02 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. >[0070] 00 00 00 00 00 80 56 CD 45 52 B1 CA 01 80 B9 86 ......V. ER...... >[0080] DD 5E B4 CA 01 80 56 CD 45 52 B1 CA 01 80 56 CD .^....V. ER....V. >[0090] 45 52 B1 CA 01 00 00 00 00 00 00 00 00 00 00 00 ER...... ........ >[00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ >[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ >[00D0] 00 68 00 00 00 00 00 00 00 80 69 DD 31 5E B4 CA .h...... ..i.1^.. >[00E0] 01 80 69 DD 31 5E B4 CA 01 80 69 DD 31 5E B4 CA ..i.1^.. ..i.1^.. >[00F0] 01 80 69 DD 31 5E B4 CA 01 00 00 00 00 00 00 00 ..i.1^.. ........ >[0100] 00 00 00 00 00 00 00 00 00 11 00 00 00 0A 00 00 ........ ........ >[0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 ........ .......t >[0130] 00 65 00 73 00 74 00 32 00 .e.s.t.2 . >SMBtrans2 mask=* directory=./ dirtype=22 numentries=3 >hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 51 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3264 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup failed for name [TEST2] >unix_convert begin: name = test2/desktop.ini, dirpath = , start = test2/desktop.ini >is_mangled test2/desktop.ini ? >is_mangled_component test2/desktop.ini (len 5) ? >is_mangled_component desktop.ini (len 11) ? >stat_cache_add: Added entry (7fb624084b90:size 5) TEST2 -> test2 >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3264 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 52 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3328 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3328 >smt_wct=0 >smb_bcc=0 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 53 of length 90 (0 toread) >size=86 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3392 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=3 >[0000] 00 00 00 ... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0, fname = >create_file: access_mask = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = >unix_convert called on file "" >conversion finished "" -> . >create_file_unixpath: access_mask = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = . >open_directory: opening directory ., access_mask = 0x100001, share_access = 0x7 create_options = 0x1, create_disposition = 0x1, file_attributes = 0x0 >posix_get_nt_acl: called for file . >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx >canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx >canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >check_open_rights: file . requesting 0x100001 returning 0x100001 (NT_STATUS_OK) >allocated file structure 16016, fnum = 20112 (1 used) >Locking key 020800000000000001C0 >Allocated locked data 0x0x7fb624085730 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >Unlocking key 020800000000000001C0 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: . >dos_mode_from_sbuf returning d >dos_mode returning d >reply_ntcreate_and_X: fnum = 20112, open name = . >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 54 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3456 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 23 (0x17) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=20112 (0x4E90) >smb_vwv[22]= 0 (0x0) >smb_bcc=3 >[0000] 00 00 00 ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=8, param_total=0, this_param=0, max_param=32, data_total=0, this_data=0, max_data=0, param_offset=84, data_offset=0 >reply_nttrans: state->setup_count = 8 >[0000] 17 00 00 00 90 4E 00 00 .....N.. >call_nt_transact_notify_change >call_nt_transact_notify_change: notify change called on ., filter = FILE_NAME|DIR_NAME|ATTRIBUTES|LAST_WRITE, recursive = 0 >Locking key 6E6F7469667920617272 >Allocated locked data 0x0x7fb624077f00 >notify_load: > notify->array: struct notify_array > num_depths : 0x00000000 (0) > depth: ARRAY(0) >inotify_add_watch for /testshare mask 210003c6 returned wd 1 >Unlocking key 6E6F7469667920617272 >change_notify_add_request: Adding request for .: max_param = 32 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 55 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=3521 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 3 (0x3) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=20112 (0x4E90) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[0000] 00 00 00 ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=8, param_total=0, this_param=0, max_param=32, data_total=0, this_data=0, max_data=0, param_offset=84, data_offset=0 >reply_nttrans: state->setup_count = 8 >[0000] 03 00 00 00 90 4E 01 00 .....N.. >call_nt_transact_notify_change >call_nt_transact_notify_change: notify change called on ., filter = FILE_NAME|DIR_NAME, recursive = 1 >change_notify_add_request: Adding request for .: max_param = 32 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 56 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=3586 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=3586 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 57 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3650 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16017, fnum = 20113 (2 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 58 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3714 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20113 (0x4E91) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e91) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3714 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 59 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3778 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20113 (0x4E91) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 D4 88 86 10 0F 00 00 .L...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e91) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3778 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 60 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=3842 >smt_wct=3 >smb_vwv[ 0]=20113 (0x4E91) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20113 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20113 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=3842 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 61 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3906 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16018, fnum = 20114 (2 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 62 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3970 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20114 (0x4E92) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e92) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=3970 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 63 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4034 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20114 (0x4E92) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 20 8B 86 10 0F 00 00 .4...... . ...... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e92) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4034 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 64 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=4098 >smt_wct=3 >smb_vwv[ 0]=20114 (0x4E92) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20114 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20114 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=4098 >smt_wct=0 >smb_bcc=0 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 65 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4162 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 EF 03 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2qfsinfo: level = 1007 >sys_get_quota() uid(0, 123) >sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[2] id[123]: Invalid argument >sys_get_quota() uid(0, 123) >sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[4] id[123]: Invalid argument >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=151763264, cUnitAvail=112242476 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >size=88 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4162 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[0000] 00 40 B9 0B 09 00 00 00 00 2C AF B0 06 00 00 00 .@...... .,...... >[0010] 00 2C AF B0 06 00 00 00 00 02 00 00 00 00 02 00 .,...... ........ >[0020] 00 . >SMBtrans2 info_level = 1007 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 66 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4226 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4226 >smt_wct=0 >smb_bcc=0 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 67 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4290 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 EF 03 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >sys_get_quota() uid(0, 123) >sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[2] id[123]: Invalid argument >sys_get_quota() uid(0, 123) >sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[4] id[123]: Invalid argument >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=151763264, cUnitAvail=112242472 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >size=88 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4290 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[0000] 00 40 B9 0B 09 00 00 00 00 28 AF B0 06 00 00 00 .@...... .(...... >[0010] 00 28 AF B0 06 00 00 00 00 02 00 00 00 00 02 00 .(...... ........ >[0020] 00 . >SMBtrans2 info_level = 1007 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 68 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4354 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011b40 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4354 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 90 6A ......i. 1^.....j >[0020] 2A 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD *_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 122 >got message type 0x0 of len 0x7a >Transaction 69 of length 126 (0 toread) >size=122 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4418 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 9216 (0x2400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=39 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 5C 00 44 .\.t.e.s .t.2.\.D >[0010] 00 65 00 73 00 6B 00 74 00 6F 00 70 00 2E 00 69 .e.s.k.t .o.p...i >[0020] 00 6E 00 69 00 00 00 .n.i... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2/Desktop.ini >create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2/Desktop.ini >unix_convert called on file "test2/Desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/Desktop.ini, dirpath = test2, start = Desktop.ini >is_mangled Desktop.ini ? >is_mangled_component Desktop.ini (len 11) ? >is_mangled Desktop.ini ? >is_mangled_component Desktop.ini (len 11) ? >is_mangled Desktop.ini ? >is_mangled_component Desktop.ini (len 11) ? >New file Desktop.ini >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2/Desktop.ini >allocated file structure 16019, fnum = 20115 (2 used) >unix_mode(test2/Desktop.ini) returning 0744 >open_file_ntcreate: fname=test2/Desktop.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 >open_file_ntcreate: FILE_OPEN requested for file test2/Desktop.ini and file doesn't exist. >freed files structure 20115 (1 used) >create_file_unixpath: NT_STATUS_OBJECT_NAME_NOT_FOUND >create_file: NT_STATUS_OBJECT_NAME_NOT_FOUND >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4418 >smt_wct=0 >smb_bcc=0 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 70 of length 92 (0 toread) >size=88 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4482 >smt_wct=15 >smb_vwv[ 0]= 20 (0x14) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 20 (0x14) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=23 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 00 00 .t.2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >fetch_share_mode_unlocked: no share_mode record around (file not open) >call_trans2qfilepathinfo test2 (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION >SMB_QFBI - create: Tue Feb 23 08:59:59 2010 > access: Tue Feb 23 09:06:57 2010 > write: Tue Feb 23 08:59:59 2010 > change: Tue Feb 23 08:59:59 2010 > mode: 11 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4482 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=45 >[0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 26 03 ......i. 1^....&. >[0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 71 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4546 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16020, fnum = 20116 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x3 on file >delay_for_oplocks: oplock type 0x3 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name test2, flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 0208000000000000D748 >freed files structure 20116 (1 used) >open_directory: opening directory test2, access_mask = 0x20089, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x80 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20089 returning 0x20009 (NT_STATUS_OK) >allocated file structure 16021, fnum = 20117 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408bfd0 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20117, open name = test2 >got smb length of 72 >got message type 0x0 of len 0x48 >Transaction 72 of length 76 (0 toread) >size=72 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4610 >smt_wct=15 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 2046 (0x7FE) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 4 (0x4) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 7 (0x7) >smb_bcc=7 >[0000] 00 00 00 95 4E FE 03 ....N.. >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 >call_trans2qfilepathinfo test2 (fnum = 20117) level=1022 call=7 total_data=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >call_trans2qfilepathinfo: SMB_FILE_STREAM_INFORMATION >t2_rep: params_sent_thistime = 2, data_sent_thistime = 0, useable_space = 131012 >t2_rep: params_to_send = 2, data_to_send = 0, paramsize = 2, datasize = 0 >size=58 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4610 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=3 >[0000] 00 00 00 ... >got smb length of 72 >got message type 0x0 of len 0x48 >Transaction 73 of length 76 (0 toread) >size=72 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4674 >smt_wct=15 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 4 (0x4) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 7 (0x7) >smb_bcc=7 >[0000] 00 00 00 95 4E EC 03 ....N.. >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 >call_trans2qfilepathinfo test2 (fnum = 20117) level=1004 call=7 total_data=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION >SMB_QFBI - create: Tue Feb 23 08:59:59 2010 > access: Tue Feb 23 09:06:57 2010 > write: Tue Feb 23 08:59:59 2010 > change: Tue Feb 23 08:59:59 2010 > mode: 11 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=4674 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=45 >[0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 26 03 ......i. 1^....&. >[0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 74 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=4738 >smt_wct=3 >smb_vwv[ 0]=20117 (0x4E95) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20117 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20117 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=4738 >smt_wct=0 >smb_bcc=0 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 75 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=4802 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=4802 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 76 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4866 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16022, fnum = 20118 (2 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 77 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4930 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20118 (0x4E96) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e96) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4930 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 78 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4994 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20118 (0x4E96) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 AC B9 86 10 0F 00 00 .L...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e96) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=4994 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 79 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=5058 >smt_wct=3 >smb_vwv[ 0]=20118 (0x4E96) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20118 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20118 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=5058 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 80 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5122 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16023, fnum = 20119 (2 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 81 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5186 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20119 (0x4E97) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e97) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5186 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 82 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5250 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20119 (0x4E97) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 F8 BB 86 10 0F 00 00 .4...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e97) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5250 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 83 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=5314 >smt_wct=3 >smb_vwv[ 0]=20119 (0x4E97) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20119 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20119 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=5314 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 84 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5378 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624053a50 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5378 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 26 03 ......i. 1^....&. >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 85 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5442 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5442 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 86 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5506 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5506 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 87 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5570 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5570 >smt_wct=0 >smb_bcc=0 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 88 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5634 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5634 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 20 (0x14) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 20 (0x14) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=21 >[0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T >[0010] 00 46 00 53 00 .F.S. >SMBtrans2 info_level = 261 >got smb length of 122 >got message type 0x0 of len 0x7a >Transaction 89 of length 126 (0 toread) >size=122 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5698 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 9216 (0x2400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=39 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 5C 00 44 .\.t.e.s .t.2.\.D >[0010] 00 65 00 73 00 6B 00 74 00 6F 00 70 00 2E 00 69 .e.s.k.t .o.p...i >[0020] 00 6E 00 69 00 00 00 .n.i... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2/Desktop.ini >create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2/Desktop.ini >unix_convert called on file "test2/Desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/Desktop.ini, dirpath = test2, start = Desktop.ini >is_mangled Desktop.ini ? >is_mangled_component Desktop.ini (len 11) ? >is_mangled Desktop.ini ? >is_mangled_component Desktop.ini (len 11) ? >is_mangled Desktop.ini ? >is_mangled_component Desktop.ini (len 11) ? >New file Desktop.ini >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2/Desktop.ini >allocated file structure 16024, fnum = 20120 (2 used) >unix_mode(test2/Desktop.ini) returning 0744 >open_file_ntcreate: fname=test2/Desktop.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 >open_file_ntcreate: FILE_OPEN requested for file test2/Desktop.ini and file doesn't exist. >freed files structure 20120 (1 used) >create_file_unixpath: NT_STATUS_OBJECT_NAME_NOT_FOUND >create_file: NT_STATUS_OBJECT_NAME_NOT_FOUND >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=5698 >smt_wct=0 >smb_bcc=0 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 90 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=5762 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=5762 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 91 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5826 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16025, fnum = 20121 (2 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 92 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5890 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20121 (0x4E99) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e99) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5890 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 93 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5954 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20121 (0x4E99) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 70 AC 86 10 0F 00 00 .L...... .p...... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e99) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=5954 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 94 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=6018 >smt_wct=3 >smb_vwv[ 0]=20121 (0x4E99) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20121 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20121 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=6018 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 95 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6082 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16026, fnum = 20122 (2 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 96 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6146 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20122 (0x4E9A) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e9a) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6146 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 97 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6210 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20122 (0x4E9A) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 BC AE 86 10 0F 00 00 .4...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e9a) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6210 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 98 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=6274 >smt_wct=3 >smb_vwv[ 0]=20122 (0x4E9A) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20122 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20122 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=6274 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 99 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=6338 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=6338 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 100 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=6402 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=6402 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 101 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=6466 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=6466 >smt_wct=0 >smb_bcc=0 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 102 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=6530 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=6530 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 103 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6594 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16027, fnum = 20123 (2 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 104 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6658 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20123 (0x4E9B) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e9b) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6658 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 105 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6722 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20123 (0x4E9B) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 70 AC 86 10 0F 00 00 .L...... .p...... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e9b) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6722 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 106 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=6786 >smt_wct=3 >smb_vwv[ 0]=20123 (0x4E9B) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20123 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20123 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=6786 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 107 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6850 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16028, fnum = 20124 (2 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 108 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6914 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20124 (0x4E9C) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e9c) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6914 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 109 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6978 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20124 (0x4E9C) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 BC AE 86 10 0F 00 00 .4...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4e9c) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=6978 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 110 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=7042 >smt_wct=3 >smb_vwv[ 0]=20124 (0x4E9C) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20124 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20124 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=7042 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 111 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7106 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624053b40 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7106 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 112 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7170 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7170 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 113 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7234 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7234 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 114 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7298 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7298 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 115 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7362 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7362 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 116 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7426 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16029, fnum = 20125 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=3 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x3 on file >delay_for_oplocks: oplock type 0x3 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name test2, flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 0208000000000000D748 >freed files structure 20125 (1 used) >open_directory: opening directory test2, access_mask = 0x20089, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x80 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20089 returning 0x20009 (NT_STATUS_OK) >allocated file structure 16030, fnum = 20126 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408bfd0 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 22, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20126, open name = test2 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 117 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7490 >smt_wct=23 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 64 (0x40) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 2 (0x2) >smb_vwv[19]= 168 (0xA8) >smb_vwv[20]= 9 (0x9) >smb_vwv[21]=20126 (0x4E9E) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[0000] 00 00 00 ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=8, param_total=0, this_param=0, max_param=0, data_total=0, this_data=0, max_data=16384, param_offset=84, data_offset=0 >reply_nttrans: state->setup_count = 8 >[0000] A8 00 09 00 9E 4E 01 00 .....N.. >call_nt_transact_ioctl: function[0x000900A8] FID[0x4E9E] isFSctl[0x01] compfilter[0x00] >FSCTL_GET_REPARSE_POINT: called on FID[0x4E9E](but not implemented) >error packet at smbd/nttrans.c(1922) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT >size=35 >smb_com=0xa0 >smb_rcls=117 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=7490 >smt_wct=0 >smb_bcc=0 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 118 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=7554 >smt_wct=3 >smb_vwv[ 0]=20126 (0x4E9E) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20126 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 22, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20126 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=7554 >smt_wct=0 >smb_bcc=0 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 119 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=7618 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=7618 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 120 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=7682 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16031, fnum = 20127 (2 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 121 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=7746 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20127 (0x4E9F) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e9f) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=7746 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 122 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=7810 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20127 (0x4E9F) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 D8 BB A4 10 0F 00 00 .L...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4e9f) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=7810 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 123 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=7874 >smt_wct=3 >smb_vwv[ 0]=20127 (0x4E9F) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20127 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20127 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=7874 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 124 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=7938 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16032, fnum = 20128 (2 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 125 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=8002 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20128 (0x4EA0) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4ea0) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=8002 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 126 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=8066 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20128 (0x4EA0) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 24 BE A4 10 0F 00 00 .4...... .$...... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4ea0) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=8066 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 127 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=8130 >smt_wct=3 >smb_vwv[ 0]=20128 (0x4EA0) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20128 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20128 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=8130 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 128 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8194 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8194 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 129 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8258 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8258 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 130 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8322 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8322 >smt_wct=0 >smb_bcc=0 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 131 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8386 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8386 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 20 (0x14) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 20 (0x14) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=21 >[0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T >[0010] 00 46 00 53 00 .F.S. >SMBtrans2 info_level = 261 >got smb length of 96 >got message type 0x0 of len 0x60 >Transaction 132 of length 100 (0 toread) >size=96 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8450 >smt_wct=15 >smb_vwv[ 0]= 28 (0x1C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 28 (0x1C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=31 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 2E 00 64 00 6C 00 6C 00 00 00 .t.2...d .l.l... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2.dll" >stat_cache_lookup: lookup failed for name [TEST2.DLL] >unix_convert begin: name = test2.dll, dirpath = , start = test2.dll >is_mangled test2.dll ? >is_mangled_component test2.dll (len 9) ? >is_mangled test2.dll ? >is_mangled_component test2.dll (len 9) ? >is_mangled test2.dll ? >is_mangled_component test2.dll (len 9) ? >New file test2.dll >call_trans2qfilepathinfo: SMB_VFS_STAT of test2.dll failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8450 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 133 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8514 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1280 (0x500) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16033, fnum = 20129 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x3 on file >delay_for_oplocks: oplock type 0x3 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name test2, flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 0208000000000000D748 >freed files structure 20129 (1 used) >create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY >create_file: NT_STATUS_FILE_IS_A_DIRECTORY >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY >size=35 >smb_com=0xa2 >smb_rcls=186 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8514 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 134 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8578 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 256 (0x100) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16034, fnum = 20130 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x3 on file >delay_for_oplocks: oplock type 0x3 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name test2, flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 0208000000000000D748 >freed files structure 20130 (1 used) >create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY >create_file: NT_STATUS_FILE_IS_A_DIRECTORY >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY >size=35 >smb_com=0xa2 >smb_rcls=186 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8578 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 135 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8642 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16035, fnum = 20131 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x0 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x3 on file >delay_for_oplocks: oplock type 0x3 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name test2, flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 0208000000000000D748 >freed files structure 20131 (1 used) >create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY >create_file: NT_STATUS_FILE_IS_A_DIRECTORY >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY >size=35 >smb_com=0xa2 >smb_rcls=186 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8642 >smt_wct=0 >smb_bcc=0 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 136 of length 92 (0 toread) >size=88 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8706 >smt_wct=15 >smb_vwv[ 0]= 20 (0x14) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 20 (0x14) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=23 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 00 00 .t.2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >fetch_share_mode_unlocked: no share_mode record around (file not open) >call_trans2qfilepathinfo test2 (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION >SMB_QFBI - create: Tue Feb 23 08:59:59 2010 > access: Tue Feb 23 09:06:58 2010 > write: Tue Feb 23 08:59:59 2010 > change: Tue Feb 23 08:59:59 2010 > mode: 11 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8706 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=45 >[0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 137 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8770 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8770 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 20 (0x14) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 20 (0x14) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=21 >[0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T >[0010] 00 46 00 53 00 .F.S. >SMBtrans2 info_level = 261 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 138 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8834 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 3584 (0xE00) >smb_vwv[ 9]= 1 (0x1) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >create_file_unixpath: NT_STATUS_PRIVILEGE_NOT_HELD >create_file: NT_STATUS_PRIVILEGE_NOT_HELD >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_PRIVILEGE_NOT_HELD >size=35 >smb_com=0xa2 >smb_rcls=97 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8834 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 139 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=8898 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x20000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16036, fnum = 20132 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x20000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20000 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x10 on file >delay_for_oplocks: oplock type 0x10 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20000, open_access_mask = 0x20000 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20000 returning 0x20000 (NT_STATUS_OK) >Unlocking key 0208000000000000D748 >freed files structure 20132 (1 used) >open_directory: opening directory test2, access_mask = 0x20000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20000 returning 0x20000 (NT_STATUS_OK) >allocated file structure 16037, fnum = 20133 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb624066940 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 29, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20133, open name = test2 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 140 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=8962 >smt_wct=3 >smb_vwv[ 0]=20133 (0x4EA5) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20133 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 29, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20133 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=8962 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 141 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9026 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 1024 (0x400) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x40000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x40000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x40000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16038, fnum = 20134 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x40000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x40000 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x10 on file >delay_for_oplocks: oplock type 0x10 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x40000, open_access_mask = 0x40000 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x40000 returning 0x40000 (NT_STATUS_OK) >Unlocking key 0208000000000000D748 >freed files structure 20134 (1 used) >open_directory: opening directory test2, access_mask = 0x40000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x40000 returning 0x40000 (NT_STATUS_OK) >allocated file structure 16039, fnum = 20135 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb624066940 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x40080, mid = 0x0, type= 0x0, gen_id = 31, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20135, open name = test2 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 142 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=9090 >smt_wct=3 >smb_vwv[ 0]=20135 (0x4EA7) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20135 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x40080, mid = 0x0, type= 0x0, gen_id = 31, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20135 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=9090 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 143 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9154 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 2048 (0x800) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x80000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x80000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x80000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16040, fnum = 20136 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x80000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x80000 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x10 on file >delay_for_oplocks: oplock type 0x10 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x80000, open_access_mask = 0x80000 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x80000 returning 0x80000 (NT_STATUS_OK) >Unlocking key 0208000000000000D748 >freed files structure 20136 (1 used) >open_directory: opening directory test2, access_mask = 0x80000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x80000 returning 0x80000 (NT_STATUS_OK) >allocated file structure 16041, fnum = 20137 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb624066940 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x80080, mid = 0x0, type= 0x0, gen_id = 33, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20137, open name = test2 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 144 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=9218 >smt_wct=3 >smb_vwv[ 0]=20137 (0x4EA9) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20137 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x80080, mid = 0x0, type= 0x0, gen_id = 33, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20137 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=9218 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 145 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9282 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 1 (0x1) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x1000000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x1000000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x1000000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >create_file_unixpath: NT_STATUS_PRIVILEGE_NOT_HELD >create_file: NT_STATUS_PRIVILEGE_NOT_HELD >error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_PRIVILEGE_NOT_HELD >size=35 >smb_com=0xa2 >smb_rcls=97 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9282 >smt_wct=0 >smb_bcc=0 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 146 of length 92 (0 toread) >size=88 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9346 >smt_wct=15 >smb_vwv[ 0]= 20 (0x14) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 20 (0x14) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=23 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 00 00 .t.2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >fetch_share_mode_unlocked: no share_mode record around (file not open) >call_trans2qfilepathinfo test2 (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION >SMB_QFBI - create: Tue Feb 23 08:59:59 2010 > access: Tue Feb 23 09:06:58 2010 > write: Tue Feb 23 08:59:59 2010 > change: Tue Feb 23 08:59:59 2010 > mode: 11 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9346 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=45 >[0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 147 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9410 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=9410 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 148 of length 114 (0 toread) >size=110 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=9474 >smt_wct=15 >smb_vwv[ 0]= 42 (0x2A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 42 (0x2A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 16 (0x10) >smb_bcc=45 >[0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 >[0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ >[0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... >switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 >setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 >contains 5 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 >SID[ 1]: S-1-1-0 >SID[ 2]: S-1-5-2 >SID[ 3]: S-1-5-32-546 >SID[ 4]: S-1-22-1-65534 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 65534 >Primary group is 65533 and contains 0 supplementary groups >change_to_user uid=(0,65534) gid=(0,65533) >vfs_ChDir to /tmp >call_trans2getdfsreferral >parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s >parse_dfs_path: hostname: 10.225.5.232 >parse_dfs_path: servicename: test$ >get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. >error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=37 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1596 >smb_uid=102 >smb_mid=9474 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 149 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9538 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >nt_open_pipe: Opening pipe \srvsvc. >allocated file structure 16042, fnum = 20138 (2 used) >Create pipe requested \srvsvc >init_pipe_handles: created handle list for pipe \srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \srvsvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \srvsvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 150 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9602 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20138 (0x4EAA) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. >[0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4eaa) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \srvsvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\srvsvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9602 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 151 of length 188 (0 toread) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9666 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20138 (0x4EAA) >smb_bcc=117 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0020] 00 4C 00 00 00 00 00 10 00 84 B3 A4 10 0F 00 00 .L...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. >[0070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "srvsvc" (pnum 4eaa) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\srvsvc >api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >api_rpc_cmds[16].fn == 0x7fb623901588 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\10.225.5.232' > share_name : 'test$' > level : 0x00000001 (1) >_srvsvc_NetShareGetInfo: 1374 >_srvsvc_NetShareGetInfo: 1439 > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'test$' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'testshare' > result : WERR_OK >api_rpcTNP: called \srvsvc successfully >free_pipe_context: destroying talloc pool of size 44 >write_to_pipe: data_used = 84 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 > name: \srvsvc len: 1024 >read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..104] (align 0) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9666 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=105 >[0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... >[0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ >[0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t >[0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ >[0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r >[0060] 00 65 00 00 00 00 00 00 00 .e...... . >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 152 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=9730 >smt_wct=3 >smb_vwv[ 0]=20138 (0x4EAA) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20138 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \srvsvc >freed files structure 20138 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=9730 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 153 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9794 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >nt_open_pipe: Opening pipe \wkssvc. >allocated file structure 16043, fnum = 20139 (2 used) >Create pipe requested \wkssvc >init_pipe_handles: created handle list for pipe \wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \wkssvc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \wkssvc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 154 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9858 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20139 (0x4EAB) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 >[0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4eab) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >api_pipe_bind_req: make response. 1628 >check_bind_req for \wkssvc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\wkssvc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9858 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 155 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9922 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20139 (0x4EAB) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 00 00 D0 B5 A4 10 0F 00 00 .4...... ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "wkssvc" (pnum 4eab) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\wkssvc >api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >api_rpc_cmds[0].fn == 0x7fb6238d3580 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\10.225.5.232' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'TESTPC' > domain_name : * > domain_name : 'TESTGROUP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >api_rpcTNP: called \wkssvc successfully >free_pipe_context: destroying talloc pool of size 49 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \wkssvc len: 1024 >read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 >copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=9922 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 116 (0x74) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... >[0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... >[0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ >[0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E >[0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. >[0070] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 156 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=9986 >smt_wct=3 >smb_vwv[ 0]=20139 (0x4EAB) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20139 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \wkssvc >freed files structure 20139 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=9986 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 157 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10050 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624011b40 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10050 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 158 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10114 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10114 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 159 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10178 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10178 >smt_wct=0 >smb_bcc=0 >got smb length of 112 >got message type 0x0 of len 0x70 >Transaction 160 of length 116 (0 toread) >size=112 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10242 >smt_wct=15 >smb_vwv[ 0]= 44 (0x2C) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 44 (0x2C) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=47 >[0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s >[0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t >[0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "test2/desktop.ini" >stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) >unix_error_packet: error string = No such file or directory >error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10242 >smt_wct=0 >smb_bcc=0 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 161 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10306 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624053b40 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10306 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 162 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10370 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16044, fnum = 20140 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=3 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408afa0 >delay_for_oplocks: oplock type 0x3 on file >delay_for_oplocks: oplock type 0x3 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name test2, flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 0208000000000000D748 >freed files structure 20140 (1 used) >open_directory: opening directory test2, access_mask = 0x20089, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x80 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20089 returning 0x20009 (NT_STATUS_OK) >allocated file structure 16045, fnum = 20141 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408bfd0 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 37, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20141, open name = test2 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 163 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10434 >smt_wct=23 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 64 (0x40) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 2 (0x2) >smb_vwv[19]= 168 (0xA8) >smb_vwv[20]= 9 (0x9) >smb_vwv[21]=20141 (0x4EAD) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[0000] 00 00 00 ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=8, param_total=0, this_param=0, max_param=0, data_total=0, this_data=0, max_data=16384, param_offset=84, data_offset=0 >reply_nttrans: state->setup_count = 8 >[0000] A8 00 09 00 AD 4E 01 00 .....N.. >call_nt_transact_ioctl: function[0x000900A8] FID[0x4EAD] isFSctl[0x01] compfilter[0x00] >FSCTL_GET_REPARSE_POINT: called on FID[0x4EAD](but not implemented) >error packet at smbd/nttrans.c(1922) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT >size=35 >smb_com=0xa0 >smb_rcls=117 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10434 >smt_wct=0 >smb_bcc=0 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 164 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=10498 >smt_wct=3 >smb_vwv[ 0]=20141 (0x4EAD) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20141 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 37, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20141 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=10498 >smt_wct=0 >smb_bcc=0 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 165 of length 92 (0 toread) >size=88 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10562 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 512 (0x200) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=5 >[0000] 00 5C 00 00 00 .\... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = >create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = >unix_convert called on file "" >conversion finished "" -> . >create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = . >allocated file structure 16046, fnum = 20142 (2 used) >unix_mode(.) returning 0744 >open_file_ntcreate: fname=., dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=3 >dos_mode: . >dos_mode_from_sbuf returning d >dos_mode returning d >open_file_ntcreate: fname=., after mapping access_mask=0x20089 >Locking key 020800000000000001C0 >Allocated locked data 0x0x7fb62408aeb0 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >delay_for_oplocks: oplock type 0x0 on file >share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x1 >share_conflict: access_mask = 0x20089, share_access = 0x3 >share_conflict: [1] am (0x100081) & right (0x6) = 0x0 >share_conflict: [1] sa (0x3) & share (0x2) = 0x2 >share_conflict: [2] am (0x20089) & right (0x6) = 0x0 >share_conflict: [2] sa (0x7) & share (0x2) = 0x2 >share_conflict: [3] am (0x100081) & right (0x21) = 0x1 >share_conflict: [3] sa (0x3) & share (0x1) = 0x1 >share_conflict: [4] am (0x20089) & right (0x21) = 0x1 >share_conflict: [4] sa (0x7) & share (0x1) = 0x1 >share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 >share_conflict: [5] sa (0x3) & share (0x4) = 0x0 >share_conflict: [6] am (0x20089) & right (0x10000) = 0x0 >share_conflict: [6] sa (0x7) & share (0x4) = 0x4 >share_conflict: No conflict. >delay_for_oplocks: oplock type 0x0 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >fd_open: name ., flags = 00 mode = 0744, fd = 28. >get_windows_lock_count for file = 0 >delete_windows_lock_ref_count for file >Unlocking key 020800000000000001C0 >freed files structure 20142 (1 used) >open_directory: opening directory ., access_mask = 0x20089, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x80 >posix_get_nt_acl: called for file . >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx >canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx >canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >check_open_rights: file . requesting 0x20089 returning 0x20009 (NT_STATUS_OK) >allocated file structure 16047, fnum = 20143 (2 used) >Locking key 020800000000000001C0 >Allocated locked data 0x0x7fb62408c030 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x1 >share_conflict: access_mask = 0x20089, share_access = 0x3 >share_conflict: [1] am (0x100081) & right (0x6) = 0x0 >share_conflict: [1] sa (0x3) & share (0x2) = 0x2 >share_conflict: [2] am (0x20089) & right (0x6) = 0x0 >share_conflict: [2] sa (0x7) & share (0x2) = 0x2 >share_conflict: [3] am (0x100081) & right (0x21) = 0x1 >share_conflict: [3] sa (0x3) & share (0x1) = 0x1 >share_conflict: [4] am (0x20089) & right (0x21) = 0x1 >share_conflict: [4] sa (0x7) & share (0x1) = 0x1 >share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 >share_conflict: [5] sa (0x3) & share (0x4) = 0x0 >share_conflict: [6] am (0x20089) & right (0x10000) = 0x0 >share_conflict: [6] sa (0x7) & share (0x4) = 0x4 >share_conflict: No conflict. >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 2 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >print_share_mode_table: share_mode_entry[1]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 >Unlocking key 020800000000000001C0 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: . >dos_mode_from_sbuf returning d >dos_mode returning d >reply_ntcreate_and_X: fnum = 20143, open name = . >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 166 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10626 >smt_wct=23 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 64 (0x40) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 2 (0x2) >smb_vwv[19]= 168 (0xA8) >smb_vwv[20]= 9 (0x9) >smb_vwv[21]=20143 (0x4EAF) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[0000] 00 00 00 ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=8, param_total=0, this_param=0, max_param=0, data_total=0, this_data=0, max_data=16384, param_offset=84, data_offset=0 >reply_nttrans: state->setup_count = 8 >[0000] A8 00 09 00 AF 4E 01 00 .....N.. >call_nt_transact_ioctl: function[0x000900A8] FID[0x4EAF] isFSctl[0x01] compfilter[0x00] >FSCTL_GET_REPARSE_POINT: called on FID[0x4EAF](but not implemented) >error packet at smbd/nttrans.c(1922) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT >size=35 >smb_com=0xa0 >smb_rcls=117 >smb_reh=2 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10626 >smt_wct=0 >smb_bcc=0 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 167 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=10690 >smt_wct=3 >smb_vwv[ 0]=20143 (0x4EAF) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20143 >Locking key 020800000000000001C0 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 2 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >parse_share_modes: share_mode_entry[1]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 2 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >print_share_mode_table: share_mode_entry[1]: UNUSED pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x40, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 >Unlocking key 020800000000000001C0 >freed files structure 20143 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=10690 >smt_wct=0 >smb_bcc=0 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 168 of length 74 (0 toread) >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10754 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[0000] 00 00 00 03 01 ..... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 259 >sys_get_quota() uid(0, 123) >sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] >sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[2] id[123]: Invalid argument >sys_get_quota() uid(0, 123) >sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] >sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[4] id[123]: Invalid argument >call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=151763264, cUnitAvail=112242172 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 24, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 24, paramsize = 0, datasize = 24 >size=80 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10754 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 24 (0x18) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 24 (0x18) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=25 >[0000] 00 40 B9 0B 09 00 00 00 00 FC AD B0 06 00 00 00 .@...... ........ >[0010] 00 02 00 00 00 00 02 00 00 ........ . >SMBtrans2 info_level = 259 >got smb length of 94 >got message type 0x0 of len 0x5e >Transaction 169 of length 98 (0 toread) >size=94 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10818 >smt_wct=15 >smb_vwv[ 0]= 26 (0x1A) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 26 (0x1A) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=29 >[0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >dir=./, mask = test2 >dptr_create dir=./ >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = test2, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb624053b40 now at offset -1 >dos_mode: ./test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found ./test2 fname=test2 >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 >size=172 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10818 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 104 (0x68) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=117 >[0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s >[0070] 00 74 00 32 00 .t.2. >SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 170 of length 102 (0 toread) >size=98 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10882 >smt_wct=15 >smb_vwv[ 0]= 30 (0x1E) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 30 (0x1E) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=33 >[0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ >[0010] 00 74 00 65 00 73 00 74 00 32 00 5C 00 2A 00 00 .t.e.s.t .2.\.*.. >[0020] 00 . >switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >unix_convert called on file "test2/*" >stat_cache_lookup: lookup failed for name [TEST2/*] >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >unix_convert begin: name = test2/*, dirpath = test2, start = * >is_mangled * ? >is_mangled_component * (len 1) ? >is_mangled * ? >is_mangled_component * (len 1) ? >New file * >dir=test2, mask = * >dptr_create dir=test2 >creating new dirptr 256 for path test2, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<test2> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset 0 >dos_mode: test2/. >dos_mode_from_sbuf returning rd >dos_mode returning rd >fetch_share_mode_unlocked: no share_mode record around (file not open) >get_lanman2_dir_entry: found test2/. fname=. >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset 2147483648 >dos_mode: test2/.. >dos_mode_from_sbuf returning d >dos_mode returning d >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 2 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 >parse_share_modes: share_mode_entry[1]: UNUSED pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x40, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 >get_lanman2_dir_entry: found test2/.. fname=.. >get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset -1 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 196, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 196, paramsize = 10, datasize = 196 >size=264 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=10882 >smt_wct=10 >smb_vwv[ 0]= 10 (0xA) >smb_vwv[ 1]= 196 (0xC4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 10 (0xA) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 196 (0xC4) >smb_vwv[ 7]= 68 (0x44) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=209 >[0000] 00 FD FF 02 00 01 00 00 00 60 00 00 00 60 00 00 ........ .`...`.. >[0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[0040] 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 ........ ........ >[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. >[0070] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... >[0080] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. >[0090] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ >[00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ >[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ >[00D0] 00 . >SMBtrans2 mask=* directory=test2 dirtype=22 numentries=2 >hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 171 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=10946 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /tmp >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc >nt_open_pipe: Opening pipe \lsarpc. >allocated file structure 16048, fnum = 20144 (2 used) >Create pipe requested \lsarpc >init_pipe_handles: created handle list for pipe \lsarpc >init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \lsarpc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \lsarpc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 172 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11010 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20144 (0x4EB0) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. >[0040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb0) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 3919286a > 0014 data : b10c > 0016 data : 11d0 > 0018 data : 9b a8 > 001a data : 00 c0 4f d9 2e f5 > 0020 version: 00000000 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\dssetup -> \PIPE\dssetup >api_pipe_bind_req: make response. 1628 >check_bind_req for \lsarpc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000e > 000a str: \PIPE\dssetup. > 000018 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11010 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 64 73 73 65 74 75 70 00 01 00 00 00 00 00 00 \dssetup ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 173 of length 114 (0 toread) >size=110 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11074 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20144 (0x4EB0) >smb_bcc=43 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ >[0020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=26 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb0) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 26 >write_to_pipe: data_left = 26 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 >fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 10 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 10 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000002 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION >api_rpc_cmds[0].fn == 0x7fb6238ceff0 > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >fill_dsrole_dominfo_basic: enter > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_STANDALONE_SERVER (2) > flags : 0x00000000 (0) > 0: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 0: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'TESTPC' > dns_domain : NULL > forest : NULL > domain_guid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 48 >write_to_pipe: data_used = 10 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408ae80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408ae80 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000004c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..100] (align 0) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11074 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 100 (0x64) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=101 >[0000] 00 05 00 02 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[0010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ >[0020] 00 02 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ >[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0060] 00 00 00 00 00 ..... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 174 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=11138 >smt_wct=3 >smb_vwv[ 0]=20144 (0x4EB0) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >close fd=-1 fnum=20144 (numopen=1) >close_write_time: Sun Feb 7 07:28:15 2106 >close_policy_by_pipe: deleted handle list for pipe \lsarpc >freed files structure 20144 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=11138 >smt_wct=0 >smb_bcc=0 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 175 of length 102 (0 toread) >size=98 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=11202 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=32768 (0x8000) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=15 >[0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... >switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /testshare >reply_ntcreate_and_X: flags = 0x10, access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = test2 >create_file: access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 >unix_convert called on file "test2" >stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] >create_file_unixpath: access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 >allocated file structure 16049, fnum = 20145 (2 used) >unix_mode(test2) returning 0744 >open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x20080 share_access=0x7 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=0 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >open_file_ntcreate: fname=test2, after mapping access_mask=0x20080 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408b050 >delay_for_oplocks: oplock type 0x10 on file >delay_for_oplocks: oplock type 0x10 on file >calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20080, open_access_mask = 0x20080 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20080 returning 0x20000 (NT_STATUS_OK) >Unlocking key 0208000000000000D748 >freed files structure 20145 (1 used) >open_directory: opening directory test2, access_mask = 0x20080, share_access = 0x7 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x0 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >check_open_rights: file test2 requesting 0x20080 returning 0x20000 (NT_STATUS_OK) >allocated file structure 16050, fnum = 20146 (2 used) >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb624075760 >unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 >print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x200000, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 42, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >create_file_unixpath: info=1 >create_file: info=1 >dos_mode: test2 >dos_mode_from_sbuf returning rd >dos_mode returning rd >reply_ntcreate_and_X: fnum = 20146, open name = test2 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 176 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=11266 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[0000] 00 00 00 B2 4E 00 00 04 00 00 00 ....N... ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=0, param_total=8, this_param=8, max_param=4, data_total=0, this_data=0, max_data=0, param_offset=76, data_offset=0 >call_nt_transact_query_security_desc: file = test2, info_wanted = 0x4 >posix_fget_nt_acl: called for file test2 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >call_nt_transact_query_security_desc: sd_size = 108. >call_nt_transact_query_security_desc for file test2 > psd: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x9004 (36868) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 1: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : NULL > group_sid : NULL > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x0058 (88) > num_aces : 0x00000003 (3) > aces: ARRAY(3) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x00120089 (1179785) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-783145419-1966905550-2589541370-1000 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x001f01ff (2032127) > object : union security_ace_object_ctr(case 0) > trustee : S-1-22-2-123 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x00000000 (0) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 >nt_rep: params_sent_thistime = 4, data_sent_thistime = 0, useable_space = 130994 >nt_rep: params_to_send = 4, data_to_send = 0, paramsize = 4, datasize = 0 >error packet at smbd/nttrans.c(226) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL >size=78 >smb_com=0xa0 >smb_rcls=35 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=11266 >smt_wct=18 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 1024 (0x400) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=18944 (0x4A00) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_bcc=7 >[0000] 00 00 00 6C 00 00 00 ...l... >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 177 of length 88 (0 toread) >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=11330 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=27648 (0x6C00) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[0000] 00 00 00 B2 4E 00 00 04 00 00 00 ....N... ... >switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >num_setup=0, param_total=8, this_param=8, max_param=4, data_total=0, this_data=0, max_data=108, param_offset=76, data_offset=0 >call_nt_transact_query_security_desc: file = test2, info_wanted = 0x4 >posix_fget_nt_acl: called for file test2 >posix_get_nt_acl: called for file test2 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- >canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx >canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- >map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 >map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff >map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 >call_nt_transact_query_security_desc: sd_size = 108. >call_nt_transact_query_security_desc for file test2 > psd: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x9004 (36868) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 1: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : NULL > group_sid : NULL > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x0058 (88) > num_aces : 0x00000003 (3) > aces: ARRAY(3) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x00120089 (1179785) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-783145419-1966905550-2589541370-1000 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x001f01ff (2032127) > object : union security_ace_object_ctr(case 0) > trustee : S-1-22-2-123 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x00000000 (0) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 >nt_rep: params_sent_thistime = 4, data_sent_thistime = 108, useable_space = 130994 >nt_rep: params_to_send = 4, data_to_send = 108, paramsize = 4, datasize = 108 >size=186 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1596 >smb_uid=100 >smb_mid=11330 >smt_wct=18 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 1024 (0x400) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]=27648 (0x6C00) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=18944 (0x4A00) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=27648 (0x6C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=19968 (0x4E00) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_bcc=115 >[0000] 00 00 00 6C 00 00 00 01 00 04 90 00 00 00 00 00 ...l.... ........ >[0010] 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 03 ........ .....X.. >[0020] 00 00 00 00 00 24 00 89 00 12 00 01 05 00 00 00 .....$.. ........ >[0030] 00 00 05 15 00 00 00 CB D9 AD 2E CE 98 3C 75 FA ........ .....<u. >[0040] 43 59 9A E8 03 00 00 00 00 18 00 FF 01 1F 00 01 CY...... ........ >[0050] 02 00 00 00 00 00 16 02 00 00 00 7B 00 00 00 00 ........ ...{.... >[0060] 00 14 00 00 00 00 00 01 01 00 00 00 00 00 01 00 ........ ........ >[0070] 00 00 00 ... >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 178 of length 45 (0 toread) >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=11394 >smt_wct=3 >smb_vwv[ 0]=20146 (0x4EB2) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 12841) conn 0x7fb624079b30 >change_to_user: Skipping user change - already user >close directory fnum=20146 >Locking key 0208000000000000D748 >Allocated locked data 0x0x7fb62408ad60 >parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 >parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x200000, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 42, uid = 123, flags = 0, file_id 802:4648d7:0 >Unlocking key 0208000000000000D748 >freed files structure 20146 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=11394 >smt_wct=0 >smb_bcc=0 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 179 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11458 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 >contains 6 SIDs >SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 >SID[ 1]: S-1-22-2-123 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-22-1-123 >SE_PRIV 0x0 0x0 0x0 0x0 >UNIX token of user 123 >Primary group is 123 and contains 1 supplementary groups >Group[ 0]: 123 >change_to_user uid=(0,123) gid=(0,123) >vfs_ChDir to /tmp >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc >nt_open_pipe: Opening pipe \lsarpc. >allocated file structure 16051, fnum = 20147 (2 used) >Create pipe requested \lsarpc >init_pipe_handles: created handle list for pipe \lsarpc >init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \lsarpc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \lsarpc >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 180 of length 104 (0 toread) >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11522 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. >[0010] 00 . >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc >nt_open_pipe: Opening pipe \lsarpc. >allocated file structure 16052, fnum = 20148 (3 used) >Create pipe requested \lsarpc >init_pipe_handles: pipe_handles ref count = 2 for pipe \lsarpc >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \lsarpc (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \lsarpc >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 181 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11587 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20147 (0x4EB3) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. >[0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ab > 0020 version: 00000000 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >api_pipe_bind_req: make response. 1628 >check_bind_req for \lsarpc >checking lsarpc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\lsarpc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11587 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 192 >got message type 0x0 of len 0xc0 >Transaction 182 of length 196 (0 toread) >size=192 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11651 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20147 (0x4EB3) >smb_bcc=125 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 6C 00 00 00 01 00 00 ........ .l...... >[0020] 00 54 00 00 00 00 00 2C 00 18 14 14 00 0F 00 00 .T....., ........ >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 18 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 90 FA A9 ........ ........ >[0070] 10 0C 00 00 00 02 00 01 00 00 08 00 00 ........ ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=108 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 108 >write_to_pipe: data_left = 108 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 >fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 92 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 92 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 92, incoming data = 92 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000054 > 0004 context_id: 0000 > 0006 opnum : 002c >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >api_rpc_cmds[44].fn == 0x7fb6238bebc8 > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\10.225.5.232' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x00000800 (2048) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 1: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >_lsa_OpenPolicy2: access GRANTED (requested: 0x00000800, granted: 0x00000800) >Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-834b-a58c29320000 > result : NT_STATUS_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 1084 >write_to_pipe: data_used = 92 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af20 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af20 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11651 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ >[0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0030] 00 . >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 183 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11714 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20148 (0x4EB4) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 00 00 01 ......S. ........ >[0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. >[0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) >api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ab > 0020 version: 00000000 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >api_pipe_bind_req: make response. 1628 >check_bind_req for \lsarpc >checking lsarpc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\lsarpc. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11714 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 02 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 224 >got message type 0x0 of len 0xe0 >Transaction 184 of length 228 (0 toread) >size=224 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11779 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 140 (0x8C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 140 (0x8C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20147 (0x4EB3) >smb_bcc=157 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 ........ ........ >[0020] 00 74 00 00 00 00 00 39 00 00 00 00 00 01 00 00 .t.....9 ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 02 00 00 ......K. .)2..... >[0040] 00 E8 0E F9 04 02 00 00 00 88 BF F7 04 50 95 15 ........ .....P.. >[0050] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ >[0060] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A E8 03 00 .......< u.CY.... >[0070] 00 02 00 00 00 01 02 00 00 00 00 00 16 02 00 00 ........ ........ >[0080] 00 7B 00 00 00 00 00 00 00 00 00 00 00 01 00 00 .{...... ........ >[0090] 00 00 00 00 00 00 00 00 00 02 00 00 00 ........ ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=140 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 140 >write_to_pipe: data_left = 140 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 140 >fill_rpc_header: data_to_copy = 140, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 124 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 124 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 008c > 000a auth_len : 0000 > 000c call_id : 00000003 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 124 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 124, incoming data = 124 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000074 > 0004 context_id: 0000 > 0006 opnum : 0039 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x39 - api_rpcTNP: rpc command: LSA_LOOKUPSIDS2 >api_rpc_cmds[57].fn == 0x7fb6238bce80 > lsa_LookupSids2: struct lsa_LookupSids2 > in: struct lsa_LookupSids2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-834b-a58c29320000 > sids : * > sids: struct lsa_SidArray > num_sids : 0x00000002 (2) > sids : * > sids: ARRAY(2) > sids: struct lsa_SidPtr > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370-1000 > sids: struct lsa_SidPtr > sid : * > sid : S-1-22-2-123 > names : * > names: struct lsa_TransNameArray2 > count : 0x00000000 (0) > names : NULL > level : 0x0001 (1) > count : * > count : 0x00000000 (0) > unknown1 : 0x00000000 (0) > unknown2 : 0x00000002 (2) >Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >Accepting SID S-1-5-21-783145419-1966905550-2589541370 in level 1 >Accepting SID S-1-22-2 in level 1 >lookup_rids called for domain sid 'S-1-5-21-783145419-1966905550-2589541370' >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >lookup_global_sam_rid: looking up RID 1000. >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >lookup_rids: root:1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >lookup_rids called for domain sid 'S-1-22-2' >num_sids 2, mapped_count 2, status NT_STATUS_OK > lsa_LookupSids2: struct lsa_LookupSids2 > out: struct lsa_LookupSids2 > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000002 (2) > domains : * > domains: ARRAY(2) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'TESTPC' > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370 > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'Unix Group' > sid : * > sid : S-1-22-2 > max_size : 0x00000020 (32) > names : * > names: struct lsa_TransNameArray2 > count : 0x00000002 (2) > names : * > names: ARRAY(2) > names: struct lsa_TranslatedName2 > sid_type : SID_NAME_USER (1) > name: struct lsa_String > length : 0x7075 (28789) > size : 0x0000 (0) > string : * > string : 'root' > sid_index : 0x00000000 (0) > unknown : 0x00000000 (0) > names: struct lsa_TranslatedName2 > sid_type : SID_NAME_DOM_GRP (2) > name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'gruppetest' > sid_index : 0x00000001 (1) > unknown : 0x00000000 (0) > count : * > count : 0x00000002 (2) > result : NT_STATUS_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 3450 >write_to_pipe: data_used = 124 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af60 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af60 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 256. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0118 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000100 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..280] (align 0) >size=336 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11779 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 280 (0x118) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 280 (0x118) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=281 >[0000] 00 05 00 02 03 10 00 00 00 18 01 00 00 03 00 00 ........ ........ >[0010] 00 00 01 00 00 00 00 00 00 00 00 02 00 02 00 00 ........ ........ >[0020] 00 04 00 02 00 20 00 00 00 02 00 00 00 0C 00 0E ..... .. ........ >[0030] 00 08 00 02 00 0C 00 02 00 14 00 16 00 10 00 02 ........ ........ >[0040] 00 14 00 02 00 07 00 00 00 00 00 00 00 06 00 00 ........ ........ >[0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 04 00 00 .T.E.S.T .P.C.... >[0060] 00 01 04 00 00 00 00 00 05 15 00 00 00 CB D9 AD ........ ........ >[0070] 2E CE 98 3C 75 FA 43 59 9A 0B 00 00 00 00 00 00 ...<u.CY ........ >[0080] 00 0A 00 00 00 55 00 6E 00 69 00 78 00 20 00 47 .....U.n .i.x. .G >[0090] 00 72 00 6F 00 75 00 70 00 01 00 00 00 01 01 00 .r.o.u.p ........ >[00A0] 00 00 00 00 16 02 00 00 00 02 00 00 00 18 00 02 ........ ........ >[00B0] 00 02 00 00 00 01 00 00 00 08 00 08 00 1C 00 02 ........ ........ >[00C0] 00 00 00 00 00 00 00 00 00 02 00 00 00 14 00 14 ........ ........ >[00D0] 00 20 00 02 00 01 00 00 00 00 00 00 00 04 00 00 . ...... ........ >[00E0] 00 00 00 00 00 04 00 00 00 72 00 6F 00 6F 00 74 ........ .r.o.o.t >[00F0] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 67 00 72 ........ .....g.r >[0100] 00 75 00 70 00 70 00 65 00 74 00 65 00 73 00 74 .u.p.p.e .t.e.s.t >[0110] 00 02 00 00 00 00 00 00 00 ........ . >got smb length of 192 >got message type 0x0 of len 0xc0 >Transaction 185 of length 196 (0 toread) >size=192 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11842 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20148 (0x4EB4) >smb_bcc=125 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 6C 00 00 00 02 00 00 ........ .l...... >[0020] 00 54 00 00 00 00 00 2C 00 28 AC 11 00 0F 00 00 .T....., .(...... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 18 00 00 00 00 00 00 .3.2.... ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 5C F6 A4 ........ .....\.. >[0070] 10 0C 00 00 00 02 00 01 00 01 00 00 00 ........ ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=108 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) >api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 >np_write_send: len: 108 >write_to_pipe: data_left = 108 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 >fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 92 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 92 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 92, incoming data = 92 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000054 > 0004 context_id: 0000 > 0006 opnum : 002c >free_pipe_context: destroying talloc pool of size 80 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >api_rpc_cmds[44].fn == 0x7fb6238bebc8 > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\10.225.5.232' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x00000001 (1) > 1: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >_lsa_OpenPolicy2: access GRANTED (requested: 0x00000001, granted: 0x00000001) >Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-834b-a58c29320000 > result : NT_STATUS_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 1084 >write_to_pipe: data_used = 92 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af20 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af20 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11842 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ >[0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0030] 00 . >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 186 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11907 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20147 (0x4EB3) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0E 03 10 00 00 00 48 00 00 00 04 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 01 ......S. ........ >[0030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. >[0040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0e > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000004 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 14, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 14 >api_pipe_alter_context: decode request. 1840 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 0008 num_contexts: 01 > 000c context_id : 0001 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 3919286a > 0014 data : b10c > 0016 data : 11d0 > 0018 data : 9b a8 > 001a data : 00 c0 4f d9 2e f5 > 0020 version: 00000000 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_alter_context: make response. 1854 >check_bind_req for \lsarpc >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 0001 > 000a str: . > 00000b smb_io_rpc_results > 000c num_results: 01 > 0010 result : 0000 > 0012 reason : 0000 > 000014 smb_io_rpc_iface > 000014 smb_io_uuid uuid > 0014 data : 8a885d04 > 0018 data : 1ceb > 001a data : 11c9 > 001c data : 9f e8 > 001e data : 08 00 2b 10 48 60 > 0024 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0f > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0038 > 000a auth_len : 0000 > 000c call_id : 00000004 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: current_pdu_len = 56, current_pdu_sent = 0 returning 56 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..56] (align 0) >size=112 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11907 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 56 (0x38) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=57 >[0000] 00 05 00 0F 03 10 00 00 00 38 00 00 00 04 00 00 ........ .8...... >[0010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ >[0020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0030] 00 2B 10 48 60 02 00 00 00 .+.H`... . >got smb length of 130 >got message type 0x0 of len 0x82 >Transaction 187 of length 134 (0 toread) >size=130 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11970 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20148 (0x4EB4) >smb_bcc=63 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 ........ ........ >[0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 02 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 05 00 ......K. .)2.... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=46 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) >api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 >np_write_send: len: 46 >write_to_pipe: data_left = 46 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 30 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000005 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 30 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0007 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >api_rpc_cmds[7].fn == 0x7fb6238c3ec0 > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-834b-a58c29320000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'TESTPC' > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370 > result : NT_STATUS_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 72 >write_to_pipe: data_used = 30 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000004c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..100] (align 0) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=11970 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 100 (0x64) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=101 >[0000] 00 05 00 02 03 10 00 00 00 64 00 00 00 05 00 00 ........ .d...... >[0010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .L...... ........ >[0020] 00 0C 00 0E 00 04 00 02 00 08 00 02 00 07 00 00 ........ ........ >[0030] 00 00 00 00 00 06 00 00 00 54 00 45 00 53 00 54 ........ .T.E.S.T >[0040] 00 50 00 43 00 04 00 00 00 01 04 00 00 00 00 00 .P.C.... ........ >[0050] 05 15 00 00 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 ........ ...<u.CY >[0060] 9A 00 00 00 00 ..... >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 188 of length 114 (0 toread) >size=110 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12035 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20147 (0x4EB3) >smb_bcc=43 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 04 00 00 ........ ........ >[0020] 00 02 00 00 00 01 00 00 00 01 00 ........ ... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=26 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) >api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 >np_write_send: len: 26 >write_to_pipe: data_left = 26 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 >fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 10 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000004 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 10 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000002 > 0004 context_id: 0001 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 52 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION >api_rpc_cmds[0].fn == 0x7fb6238ceff0 > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >fill_dsrole_dominfo_basic: enter > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_STANDALONE_SERVER (2) > flags : 0x00000000 (0) > 0: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 0: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'TESTPC' > dns_domain : NULL > forest : NULL > domain_guid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 48 >write_to_pipe: data_used = 10 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408ae80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408ae80 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000004c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 >copy_trans_params_and_data: params[0..0] data[0..100] (align 0) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12035 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 100 (0x64) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=101 >[0000] 00 05 00 02 03 10 00 00 00 64 00 00 00 04 00 00 ........ .d...... >[0010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ >[0020] 00 02 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ >[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... >[0060] 00 00 00 00 00 ..... >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 189 of length 132 (0 toread) >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12098 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20148 (0x4EB4) >smb_bcc=61 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... >[0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) >api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 >np_write_send: len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000006 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\lsarpc >api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >api_rpc_cmds[0].fn == 0x7fb6238c4e50 > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-834b-a58c29320000 >Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >Closed policy > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >api_rpcTNP: called \lsarpc successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \lsarpc len: 1024 >read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12098 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0030] 00 . >got smb length of 96 >got message type 0x0 of len 0x60 >Transaction 190 of length 100 (0 toread) >size=96 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12163 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 2560 (0xA00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=13 >[0000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = samr >nt_open_pipe: Opening pipe \samr. >allocated file structure 16053, fnum = 20149 (4 used) >Create pipe requested \samr >init_pipe_handles: pipe_handles ref count = 3 for pipe \samr >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_username: setting username Administrator, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name Administrator, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\administrator, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 >Created internal pipe \samr (pipes_open=0) >do_ntcreate_pipe_open: open pipe = \samr >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 191 of length 160 (0 toread) >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12227 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=89 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. >[0040] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 1558 >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 01 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ac > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: \PIPE\samr -> \PIPE\samr >api_pipe_bind_req: make response. 1628 >check_bind_req for \samr >checking lsarpc >checking winreg >checking initshutdown >checking dssetup >checking wkssvc >checking svcctl >checking ntsvcs >checking netlogon >checking netdfs >checking srvsvc >checking spoolss >checking eventlog >checking samr >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000b > 000a str: \PIPE\samr. > 000015 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 > name: \samr len: 1024 >read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 >copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12227 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[0010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE >[0020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ >[0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[0040] 60 02 00 00 00 `.... >got smb length of 164 >got message type 0x0 of len 0xa4 >Transaction 192 of length 168 (0 toread) >size=164 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12291 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 80 (0x50) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=97 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... >[0020] 00 38 00 00 00 00 00 3E 00 48 3B 0C 00 0F 00 00 .8.....> .H;..... >[0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 >[0050] 00 33 00 32 00 00 00 00 00 02 00 00 00 30 00 00 .3.2.... .....0.. >[0060] 00 . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=80 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 80 >write_to_pipe: data_left = 80 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 64 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 64 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000038 > 0004 context_id: 0000 > 0006 opnum : 003e >free_pipe_context: destroying talloc pool of size 78 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >api_rpc_cmds[62].fn == 0x7fb62393bec0 > samr_Connect4: struct samr_Connect4 > in: struct samr_Connect4 > system_name : * > system_name : '\\10.225.5.232' > client_version : SAMR_CONNECT_W2K (2) > access_mask : 0x00000030 (48) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 1: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN >_samr_Connect4: 3976 >_samr_Connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) >get_samr_info_by_sid: created new info for sid (NULL) >get_samr_info_by_sid: created new info for NULL sid. >Opened policy hnd[2] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_Connect4: 4007 > samr_Connect4: struct samr_Connect4 > out: struct samr_Connect4 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-834b-a58c29320000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 784 >write_to_pipe: data_used = 64 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12291 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ >[0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0030] 00 . >got smb length of 136 >got message type 0x0 of len 0x88 >Transaction 193 of length 140 (0 toread) >size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12355 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 52 (0x34) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 52 (0x34) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=69 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... >[0020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 03 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0040] 00 00 20 00 00 .. .. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=52 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 52 >write_to_pipe: data_left = 52 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 36 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0034 > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 36 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000001c > 0004 context_id: 0000 > 0006 opnum : 0006 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUMDOMAINS >api_rpc_cmds[6].fn == 0x7fb623943fc0 > samr_EnumDomains: struct samr_EnumDomains > in: struct samr_EnumDomains > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-834b-a58c29320000 > resume_handle : * > resume_handle : 0x00000000 (0) > buf_size : 0x00002000 (8192) >Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_EnumDomains: access check ((granted: 0x00000030; required: 0x00000010) > samr_EnumDomains: struct samr_EnumDomains > out: struct samr_EnumDomains > resume_handle : * > resume_handle : 0x00000000 (0) > sam : * > sam : * > sam: struct samr_SamArray > count : 0x00000002 (2) > entries : * > entries: ARRAY(2) > entries: struct samr_SamEntry > idx : 0x00000000 (0) > name: struct lsa_String > length : 0x000c (12) > size : 0x000c (12) > string : * > string : 'TESTPC' > entries: struct samr_SamEntry > idx : 0x00000001 (1) > name: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'Builtin' > num_entries : * > num_entries : 0x00000002 (2) > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 64 >write_to_pipe: data_used = 36 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aeb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aeb0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 104. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0080 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000068 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 >copy_trans_params_and_data: params[0..0] data[0..128] (align 0) >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12355 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 128 (0x80) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 128 (0x80) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=129 >[0000] 00 05 00 02 03 10 00 00 00 80 00 00 00 02 00 00 ........ ........ >[0010] 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 02 .h...... ........ >[0020] 00 02 00 00 00 04 00 02 00 02 00 00 00 00 00 00 ........ ........ >[0030] 00 0C 00 0C 00 08 00 02 00 01 00 00 00 0E 00 0E ........ ........ >[0040] 00 0C 00 02 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ >[0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 07 00 00 .T.E.S.T .P.C.... >[0060] 00 00 00 00 00 07 00 00 00 42 00 75 00 69 00 6C ........ .B.u.i.l >[0070] 00 74 00 69 00 6E 00 00 00 02 00 00 00 00 00 00 .t.i.n.. ........ >[0080] 00 . >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 194 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12419 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 03 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 05 00 00 00 00 00 03 00 00 .4...... ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 0C 00 0C ......K. .)2..... >[0040] 00 A8 AC F8 04 06 00 00 00 00 00 00 00 06 00 00 ........ ........ >[0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 .T.E.S.T .P.C. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000003 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0005 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN >api_rpc_cmds[5].fn == 0x7fb623944260 > samr_LookupDomain: struct samr_LookupDomain > in: struct samr_LookupDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-834b-a58c29320000 > domain_name : * > domain_name: struct lsa_String > length : 0x000c (12) > size : 0x000c (12) > string : * > string : 'TESTPC' >Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_LookupDomain: access check ((granted: 0x00000030; required: 0x00000020) >Returning domain sid for domain TESTPC -> S-1-5-21-783145419-1966905550-2589541370 > samr_LookupDomain: struct samr_LookupDomain > out: struct samr_LookupDomain > sid : * > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 68 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 003c > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000024 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..60] (align 0) >size=116 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12419 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 60 (0x3C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 60 (0x3C) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=61 >[0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... >[0010] 00 24 00 00 00 00 00 00 00 00 00 02 00 04 00 00 .$...... ........ >[0020] 00 01 04 00 00 00 00 00 05 15 00 00 00 CB D9 AD ........ ........ >[0030] 2E CE 98 3C 75 FA 43 59 9A 00 00 00 00 ...<u.CY ..... >got smb length of 160 >got message type 0x0 of len 0xa0 >Transaction 195 of length 164 (0 toread) >size=160 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12483 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 76 (0x4C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 76 (0x4C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=93 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 04 00 00 ........ .L...... >[0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 02 00 ......K. .)2..... >[0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[0050] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A .......< u.CY. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=76 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 76 >write_to_pipe: data_left = 76 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000004 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 60 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0007 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN >api_rpc_cmds[7].fn == 0x7fb623943d68 > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-834b-a58c29320000 > access_mask : 0x00000200 (512) > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 0: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370 >Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000210) >get_samr_info_by_sid: created new info for sid S-1-5-21-783145419-1966905550-2589541370 >Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_OpenDomain: 662 > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-834b-a58c29320000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 784 >write_to_pipe: data_used = 60 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12483 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ >[0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0030] 00 . >got smb length of 148 >got message type 0x0 of len 0x94 >Transaction 196 of length 152 (0 toread) >size=148 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12547 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 64 (0x40) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 64 (0x40) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=81 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 40 00 00 00 05 00 00 ........ .@...... >[0020] 00 28 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .(...... ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 80 02 00 ......K. .)2..... >[0040] 00 01 00 00 00 01 01 00 00 00 00 00 05 20 00 00 ........ ..... .. >[0050] 00 . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=64 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 64 >write_to_pipe: data_left = 64 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 >fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 48 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0040 > 000a auth_len : 0000 > 000c call_id : 00000005 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 48 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 48, incoming data = 48 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000028 > 0004 context_id: 0000 > 0006 opnum : 0007 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN >api_rpc_cmds[7].fn == 0x7fb623943d68 > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-834b-a58c29320000 > access_mask : 0x00000280 (640) > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 0: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 1: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-32 >Found policy hnd[1] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_OpenDomain: access GRANTED (requested: 0x00000280, granted: 0x00000290) >get_samr_info_by_sid: created new info for sid S-1-5-32 >Opened policy hnd[4] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_OpenDomain: 662 > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-834b-a58c29320000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 784 >write_to_pipe: data_used = 48 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aec0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aec0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12547 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ >[0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0030] 00 . >got smb length of 172 >got message type 0x0 of len 0xac >Transaction 197 of length 176 (0 toread) >size=172 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12611 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 88 (0x58) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=105 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 06 00 00 ........ .X...... >[0020] 00 40 00 00 00 00 00 11 00 00 00 00 00 04 00 00 .@...... ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 01 00 00 ......K. .)2..... >[0040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 08 00 0A ........ ........ >[0050] 00 CC FC A9 10 05 00 00 00 00 00 00 00 04 00 00 ........ ........ >[0060] 00 72 00 6F 00 6F 00 74 00 .r.o.o.t . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=88 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 88 >write_to_pipe: data_left = 88 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 0000 > 000c call_id : 00000006 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000040 > 0004 context_id: 0000 > 0006 opnum : 0011 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES >api_rpc_cmds[17].fn == 0x7fb623942488 > samr_LookupNames: struct samr_LookupNames > in: struct samr_LookupNames > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-834b-a58c29320000 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x0008 (8) > size : 0x0008 (8) > string : * > string : 'root' >_samr_LookupNames: 1816 >Found policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_LookupNames: access check ((granted: 0x00000210; required: 0000000000) >_samr_LookupNames: looking name on SID S-1-5-21-783145419-1966905550-2589541370 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >Finding user root >Trying _Get_Pwnam(), username as lowercase is root >Get_Pwnam_internals did find user [root]! >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >_samr_LookupNames: 1883 > samr_LookupNames: struct samr_LookupNames > out: struct samr_LookupNames > rids : * > rids: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x000003e8 (1000) > types : * > types: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00000001 (1) > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 8 >write_to_pipe: data_used = 72 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aef0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aef0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 003c > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000024 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 >copy_trans_params_and_data: params[0..0] data[0..60] (align 0) >size=116 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12611 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 60 (0x3C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 60 (0x3C) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=61 >[0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 06 00 00 ........ .<...... >[0010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ >[0020] 00 01 00 00 00 E8 03 00 00 01 00 00 00 04 00 02 ........ ........ >[0030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >got smb length of 136 >got message type 0x0 of len 0x88 >Transaction 198 of length 140 (0 toread) >size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12675 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 52 (0x34) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 52 (0x34) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=69 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 07 00 00 ........ .4...... >[0020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 04 00 00 ......." ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 1B 01 02 ......K. .)2..... >[0040] 00 E8 03 00 00 ..... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=52 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 52 >write_to_pipe: data_left = 52 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 36 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0034 > 000a auth_len : 0000 > 000c call_id : 00000007 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 36 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000001c > 0004 context_id: 0000 > 0006 opnum : 0022 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER >api_rpc_cmds[34].fn == 0x7fb62393fec0 > samr_OpenUser: struct samr_OpenUser > in: struct samr_OpenUser > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-834b-a58c29320000 > access_mask : 0x0002011b (131355) > 1: SAMR_USER_ACCESS_GET_NAME_ETC > 1: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 1: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 0: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 0: SAMR_USER_ACCESS_SET_PASSWORD > 1: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > rid : 0x000003e8 (1000) >Found policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_OpenUser: access check ((granted: 0x00000210; required: 0x00000200) >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >Finding user root >Trying _Get_Pwnam(), username as lowercase is root >Get_Pwnam_internals did find user [root]! >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >_samr_OpenUser: access GRANTED (requested: 0x0002011b, granted: 0x000f05ff) >get_samr_info_by_sid: created new info for sid S-1-5-21-783145419-1966905550-2589541370-1000 >Opened policy hnd[5] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. > samr_OpenUser: struct samr_OpenUser > out: struct samr_OpenUser > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-834b-a58c29320000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 1016 >write_to_pipe: data_used = 36 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aeb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aeb0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12675 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ >[0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... >[0030] 00 . >got smb length of 130 >got message type 0x0 of len 0x82 >Transaction 199 of length 134 (0 toread) >size=130 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12739 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=63 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 08 00 00 ........ ........ >[0020] 00 16 00 00 00 00 00 24 00 00 00 00 00 06 00 00 .......$ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 15 00 ......K. .)2.... >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=46 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 46 >write_to_pipe: data_left = 46 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 30 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000008 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 30 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0024 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERYUSERINFO >api_rpc_cmds[36].fn == 0x7fb62393fa38 > samr_QueryUserInfo: struct samr_QueryUserInfo > in: struct samr_QueryUserInfo > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-834b-a58c29320000 > level : 0x0015 (21) >Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_QueryUserInfo: access check ((granted: 0x000f05ff; required: 0x00000010) >_samr_QueryUserInfo: sid:S-1-5-21-783145419-1966905550-2589541370-1000 >_samr_QueryUserInfo: user info level: 21 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >User:[root] >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Finding user root >Trying _Get_Pwnam(), username as lowercase is root >Get_Pwnam_internals did find user [root]! >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: minimum password age, val: 0 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >_samr_QueryUserInfo: 3232 > samr_QueryUserInfo: struct samr_QueryUserInfo > out: struct samr_QueryUserInfo > info : * > info : * > info : union samr_UserInfo(case 21) > info21: struct samr_UserInfo21 > last_logon : NTTIME(0) > last_logoff : Thu Jan 1 01:00:00 1970 CET > last_password_change : Wed Feb 17 16:00:32 2010 CET > acct_expiry : Thu Jan 1 01:00:00 1970 CET > allow_password_change : Wed Feb 17 16:00:32 2010 CET > force_password_change : Thu Jan 1 01:00:00 1970 CET > account_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'root' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'root' > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '\\testpc\root' > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '\\testpc\root\profile' > description: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > workstations: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > comment: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > parameters: struct lsa_BinaryString > length : 0x0000 (0) > size : 0x0000 (0) > array : * > array: ARRAY(0) > lm_owf_password: struct lsa_BinaryString > length : 0x0000 (0) > size : 0x0000 (0) > array : NULL > nt_owf_password: struct lsa_BinaryString > length : 0x0000 (0) > size : 0x0000 (0) > array : NULL > unknown3: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > buf_count : 0x00000000 (0) > buffer : NULL > rid : 0x000003e8 (1000) > primary_gid : 0x00000201 (513) > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > fields_present : 0x00ffffff (16777215) > 1: SAMR_FIELD_ACCOUNT_NAME > 1: SAMR_FIELD_FULL_NAME > 1: SAMR_FIELD_RID > 1: SAMR_FIELD_PRIMARY_GID > 1: SAMR_FIELD_DESCRIPTION > 1: SAMR_FIELD_COMMENT > 1: SAMR_FIELD_HOME_DIRECTORY > 1: SAMR_FIELD_HOME_DRIVE > 1: SAMR_FIELD_LOGON_SCRIPT > 1: SAMR_FIELD_PROFILE_PATH > 1: SAMR_FIELD_WORKSTATIONS > 1: SAMR_FIELD_LAST_LOGON > 1: SAMR_FIELD_LAST_LOGOFF > 1: SAMR_FIELD_LOGON_HOURS > 1: SAMR_FIELD_BAD_PWD_COUNT > 1: SAMR_FIELD_NUM_LOGONS > 1: SAMR_FIELD_ALLOW_PWD_CHANGE > 1: SAMR_FIELD_FORCE_PWD_CHANGE > 1: SAMR_FIELD_LAST_PWD_CHANGE > 1: SAMR_FIELD_ACCT_EXPIRY > 1: SAMR_FIELD_ACCT_FLAGS > 1: SAMR_FIELD_PARAMETERS > 1: SAMR_FIELD_COUNTRY_CODE > 1: SAMR_FIELD_CODE_PAGE > 0: SAMR_FIELD_NT_PASSWORD_PRESENT > 0: SAMR_FIELD_LM_PASSWORD_PRESENT > 0: SAMR_FIELD_PRIVATE_DATA > 0: SAMR_FIELD_EXPIRED_FLAG > 0: SAMR_FIELD_SEC_DESC > 0: SAMR_FIELD_OWF_PWD > logon_hours: struct samr_LogonHours > units_per_week : 0x00a8 (168) > bits : * > bits : ffffffffffffffffffffffffffffffffffffffffff > bad_password_count : 0x0000 (0) > logon_count : 0x0000 (0) > country_code : 0x0000 (0) > code_page : 0x0000 (0) > lm_password_set : 0x00 (0) > nt_password_set : 0x00 (0) > password_expired : 0x00 (0) > unknown4 : 0x00 (0) > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 1091 >write_to_pipe: data_used = 30 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 452. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 01dc > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 000001c4 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..476] (align 0) >size=532 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12739 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 476 (0x1DC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 476 (0x1DC) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=477 >[0000] 00 05 00 02 03 10 00 00 00 DC 01 00 00 08 00 00 ........ ........ >[0010] 00 C4 01 00 00 00 00 00 00 00 00 02 00 15 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 00 80 E9 A5 D4 DE B1 9D ........ ........ >[0030] 01 00 28 6D F3 E1 AF CA 01 80 E9 A5 D4 DE B1 9D ..(m.... ........ >[0040] 01 00 28 6D F3 E1 AF CA 01 7F 96 98 00 C0 B4 B3 ..(m.... ........ >[0050] FF 08 00 08 00 04 00 02 00 08 00 08 00 08 00 02 ........ ........ >[0060] 00 1A 00 1A 00 0C 00 02 00 00 00 00 00 10 00 02 ........ ........ >[0070] 00 00 00 00 00 14 00 02 00 2A 00 2A 00 18 00 02 ........ .*.*.... >[0080] 00 00 00 00 00 1C 00 02 00 00 00 00 00 20 00 02 ........ ..... .. >[0090] 00 00 00 00 00 24 00 02 00 00 00 00 00 28 00 02 .....$.. .....(.. >[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[00C0] 00 E8 03 00 00 01 02 00 00 10 00 00 00 FF FF FF ........ ........ >[00D0] 00 A8 00 00 00 2C 00 02 00 00 00 00 00 00 00 00 .....,.. ........ >[00E0] 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ >[00F0] 00 72 00 6F 00 6F 00 74 00 04 00 00 00 00 00 00 .r.o.o.t ........ >[0100] 00 04 00 00 00 72 00 6F 00 6F 00 74 00 0D 00 00 .....r.o .o.t.... >[0110] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 74 00 65 ........ .\.\.t.e >[0120] 00 73 00 74 00 70 00 63 00 5C 00 72 00 6F 00 6F .s.t.p.c .\.r.o.o >[0130] 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .t...... ........ >[0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 00 ........ ........ >[0150] 00 00 00 00 00 15 00 00 00 5C 00 5C 00 74 00 65 ........ .\.\.t.e >[0160] 00 73 00 74 00 70 00 63 00 5C 00 72 00 6F 00 6F .s.t.p.c .\.r.o.o >[0170] 00 74 00 5C 00 70 00 72 00 6F 00 66 00 69 00 6C .t.\.p.r .o.f.i.l >[0180] 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .e...... ........ >[0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[01B0] 00 00 00 00 00 EC 04 00 00 00 00 00 00 15 00 00 ........ ........ >[01C0] 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ........ ........ >[01D0] FF FF FF FF FF FF 00 00 00 00 00 00 00 ........ ..... >got smb length of 132 >got message type 0x0 of len 0x84 >Transaction 200 of length 136 (0 toread) >size=132 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12803 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 48 (0x30) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=65 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... >[0020] 00 18 00 00 00 00 00 03 00 00 00 00 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 04 00 00 ......K. .)2..... >[0040] 00 . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=48 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 48 >write_to_pipe: data_left = 48 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 48 >fill_rpc_header: data_to_copy = 48, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 32 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 32 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000009 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 32 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 32, incoming data = 32 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000018 > 0004 context_id: 0000 > 0006 opnum : 0003 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x3 - api_rpcTNP: rpc command: SAMR_QUERYSECURITY >api_rpc_cmds[3].fn == 0x7fb6239446c8 > samr_QuerySecurity: struct samr_QuerySecurity > in: struct samr_QuerySecurity > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-834b-a58c29320000 > sec_info : 0x00000004 (4) > 0: SECINFO_OWNER > 0: SECINFO_GROUP > 1: SECINFO_DACL > 0: SECINFO_SACL > 0: SECINFO_UNPROTECTED_SACL > 0: SECINFO_UNPROTECTED_DACL > 0: SECINFO_PROTECTED_SACL > 0: SECINFO_PROTECTED_DACL >Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_QuerySecurity: querying security on SID: S-1-5-21-783145419-1966905550-2589541370-1000 >_samr_QuerySecurity: access check ((granted: 0x000f05ff; required: 0x00020000) >_samr_QuerySecurity: querying security on Object with SID: S-1-5-21-783145419-1966905550-2589541370-1000 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >User:[root] > samr_QuerySecurity: struct samr_QuerySecurity > out: struct samr_QuerySecurity > sdbuf : * > sdbuf : * > sdbuf: struct sec_desc_buf > sd_size : 0x00000084 (132) > sd : * > sd: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : NULL > group_sid : NULL > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x0070 (112) > num_aces : 0x00000004 (4) > aces: ARRAY(4) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x0002035b (131931) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x000f07ff (985087) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x000f07ff (985087) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-548 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x00 (0) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x00020044 (131140) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-783145419-1966905550-2589541370-1000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 1560 >write_to_pipe: data_used = 32 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 152. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b0 > 000a auth_len : 0000 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000098 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..176] (align 0) >size=232 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12803 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 176 (0xB0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 176 (0xB0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=177 >[0000] 00 05 00 02 03 10 00 00 00 B0 00 00 00 09 00 00 ........ ........ >[0010] 00 98 00 00 00 00 00 00 00 00 00 02 00 84 00 00 ........ ........ >[0020] 00 04 00 02 00 84 00 00 00 01 00 04 80 00 00 00 ........ ........ >[0030] 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 70 ........ .......p >[0040] 00 04 00 00 00 00 00 14 00 5B 03 02 00 01 01 00 ........ .[...... >[0050] 00 00 00 00 01 00 00 00 00 00 00 18 00 FF 07 0F ........ ........ >[0060] 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 ........ . ... .. >[0070] 00 00 00 18 00 FF 07 0F 00 01 02 00 00 00 00 00 ........ ........ >[0080] 05 20 00 00 00 24 02 00 00 00 00 24 00 44 00 02 . ...$.. ...$.D.. >[0090] 00 01 05 00 00 00 00 00 05 15 00 00 00 CB D9 AD ........ ........ >[00A0] 2E CE 98 3C 75 FA 43 59 9A E8 03 00 00 00 00 00 ...<u.CY ........ >[00B0] 00 . >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 201 of length 132 (0 toread) >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12867 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=61 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... >[0020] 00 14 00 00 00 00 00 27 00 00 00 00 00 06 00 00 .......' ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 0000000a >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0027 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x27 - api_rpcTNP: rpc command: SAMR_GETGROUPSFORUSER >api_rpc_cmds[39].fn == 0x7fb62393f3c0 > samr_GetGroupsForUser: struct samr_GetGroupsForUser > in: struct samr_GetGroupsForUser > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-834b-a58c29320000 >_samr_GetGroupsForUser: 3287 >Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_GetGroupsForUser: access check ((granted: 0x000f05ff; required: 0x00000100) >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: maximum password age, val: -1 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_username: setting username root, was >pdb_set_domain: setting domain TESTPC, was >pdb_set_nt_username: setting nt username , was >pdb_set_full_name: setting full name root, was >Home server: testpc >pdb_set_homedir: setting home dir \\testpc\root, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >Home server: testpc >pdb_set_profile_path: setting profile path \\testpc\root\profile, was >pdb_set_workstations: setting workstations , was >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >account_policy_get: name: password history, val: 0 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >sys_getgrouplist: user [root] >Cache entry with key = IDMAP/GID2SID/104 couldn't be found >gid_to_sid: winbind failed to find a sid for gid 104 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >LEGACY: gid 104 -> sid S-1-22-2-104 >Finding user root >Trying _Get_Pwnam(), username as lowercase is root >Get_Pwnam_internals did find user [root]! >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 >Found sid S-1-22-2-0 not in our domain >Found sid S-1-22-2-104 not in our domain >_samr_GetGroupsForUser: 3381 > samr_GetGroupsForUser: struct samr_GetGroupsForUser > out: struct samr_GetGroupsForUser > rids : * > rids : * > rids: struct samr_RidWithAttributeArray > count : 0x00000001 (1) > rids : * > rids: ARRAY(1) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 872 >write_to_pipe: data_used = 28 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 28. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0034 > 000a auth_len : 0000 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000001c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 >copy_trans_params_and_data: params[0..0] data[0..52] (align 0) >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12867 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 52 (0x34) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 52 (0x34) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=53 >[0000] 00 05 00 02 03 10 00 00 00 34 00 00 00 0A 00 00 ........ .4...... >[0010] 00 1C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[0020] 00 04 00 02 00 01 00 00 00 01 02 00 00 07 00 00 ........ ........ >[0030] 00 00 00 00 00 ..... >got smb length of 212 >got message type 0x0 of len 0xd4 >Transaction 202 of length 216 (0 toread) >size=212 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12931 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 128 (0x80) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 128 (0x80) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=145 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 80 00 00 00 0B 00 00 ........ ........ >[0020] 00 68 00 00 00 00 00 10 00 00 00 00 00 05 00 00 .h...... ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 02 00 00 ......K. .)2..... >[0040] 00 58 9A 0C 00 02 00 00 00 90 40 FD 04 C8 2C 0E .X...... ..@...,. >[0050] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ >[0060] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A E8 03 00 .......< u.CY.... >[0070] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ >[0080] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A 01 02 00 .......< u.CY.... >[0090] 00 . >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=128 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 128 >write_to_pipe: data_left = 128 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 >fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 112 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0080 > 000a auth_len : 0000 > 000c call_id : 0000000b >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 112 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000068 > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x10 - api_rpcTNP: rpc command: SAMR_GETALIASMEMBERSHIP >api_rpc_cmds[16].fn == 0x7fb623942718 > samr_GetAliasMembership: struct samr_GetAliasMembership > in: struct samr_GetAliasMembership > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-834b-a58c29320000 > sids : * > sids: struct lsa_SidArray > num_sids : 0x00000002 (2) > sids : * > sids: ARRAY(2) > sids: struct lsa_SidPtr > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370-1000 > sids: struct lsa_SidPtr > sid : * > sid : S-1-5-21-783145419-1966905550-2589541370-513 >_samr_GetAliasMembership: 5341 >Found policy hnd[1] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >_samr_GetAliasMembership: access check ((granted: 0x00000290; required: 0x00000080) >_samr_GetAliasMembership: access check ((granted: 0x00000290; required: 0x00000200) >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 > samr_GetAliasMembership: struct samr_GetAliasMembership > out: struct samr_GetAliasMembership > rids : * > rids: struct samr_Ids > count : 0x00000000 (0) > ids : * > ids: ARRAY(0) > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 140 >write_to_pipe: data_used = 112 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af40 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af40 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075ae0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075ae0 >copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12931 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0B 00 00 ........ .(...... >[0010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ ........ >[0020] 00 00 00 00 00 00 00 00 00 ........ . >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 203 of length 132 (0 toread) >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12995 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=61 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0C 00 00 ........ .,...... >[0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 06 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 0000000c >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >api_rpc_cmds[1].fn == 0x7fb623944b28 > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-834b-a58c29320000 >Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >Closed policy >free_samr_cache: deleting cache for SID S-1-5-21-783145419-1966905550-2589541370 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624094420 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624094420 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=12995 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0030] 00 . >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 204 of length 132 (0 toread) >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=13059 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=61 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 ........ .,...... >[0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 0000000d >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >api_rpc_cmds[1].fn == 0x7fb623944b28 > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-834b-a58c29320000 >Found policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >Closed policy >free_samr_cache: deleting cache for SID S-1-5-21-783145419-1966905550-2589541370 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >api_rpcTNP: called \samr successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 > name: \samr len: 1024 >read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 >s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 >copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=13059 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... >[0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0030] 00 . >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 205 of length 132 (0 toread) >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=1596 >smb_uid=100 >smb_mid=13123 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=20149 (0x4EB5) >smb_bcc=61 >[0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0E 00 00 ........ .,...... >[0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ >[0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. >switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >Got API command 0x26 on pipe "samr" (pnum 4eb5) >api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 >np_write_send: len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 0000000e >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\\samr >api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >api_rpc_cmds[1].fn == 0x7fb623944b28 > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-834b-a58c29320000 >Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. >[0010] 29 32 00 00 )2.. >Closed policy >free_samr_cache: deleting cache for SID S-1-5-32 >push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_c