open_winbindd_priv_socket: opened socket fd 17 [2004/10/05 13:40:21, 6] nsswitch/winbindd.c:new_connection(354) accepted socket 18 [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn INTERFACE_VERSION [2004/10/05 13:40:21, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [24277]: request interface version [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2004/10/05 13:40:21, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [24277]: request location of privileged pipe [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(568) client_write: need to write 35 extra data bytes. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 35 bytes. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(557) client_write: client_write: complete response written. [2004/10/05 13:40:21, 6] nsswitch/winbindd.c:new_connection(354) accepted socket 19 [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 0 bytes. Need 1824 more for a full request. [2004/10/05 13:40:21, 5] nsswitch/winbindd.c:winbind_client_read(476) read failed on sock 18, pid 24277: EOF [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. 
[2004/10/05 13:40:21, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn PING [2004/10/05 13:40:21, 3] nsswitch/winbindd_misc.c:winbindd_ping(238) [24277]: ping [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn GID_TO_SID [2004/10/05 13:40:21, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374) [24277]: gid to sid 65533 [2004/10/05 13:40:21, 10] sam/idmap_util.c:idmap_gid_to_sid(126) idmap_gid_to_sid: gid = [65533] [2004/10/05 13:40:21, 10] sam/idmap_tdb.c:db_get_sid_from_id(283) db_get_sid_from_id: id_type_in = 0x2 [2004/10/05 13:40:21, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 65533 [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(272) fetch_cache_seqnum: invalid data size key [SEQNUM/FR] [2004/10/05 13:40:21, 3] nsswitch/winbindd_ads.c:sequence_number(792) ads: fetch sequence_number for FR [2004/10/05 13:40:21, 7] nsswitch/winbindd_ads.c:ads_cached_connection(48) Current tickets expire at 1097012358, time is now 1096976421 [2004/10/05 13:40:21, 5] libads/ldap_utils.c:ads_do_search_retry(56) Search for (objectclass=*) gave 1 replies [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(325) store_cache_seqnum: success [FR][836088 @ 1096976421] [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386) refresh_sequence_number: FR seq number is now 836088 [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:name_to_sid(982) name_to_sid: [Cached] - doing backend query for name for domain FR [2004/10/05 13:40:21, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(291) rpc: name_to_sid name=nobody [2004/10/05 13:40:21, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(300) 
name_to_sid [rpc] nobody for domain FR [2004/10/05 13:40:21, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=FR [2004/10/05 13:40:21, 6] libads/ldap.c:ads_find_dc(176) ads_find_dc: looking for realm 'FR.PH-BW.NET' [2004/10/05 13:40:21, 8] libsmb/namequery.c:get_sorted_dc_list(1416) get_sorted_dc_list: attempting lookup using [ads] [2004/10/05 13:40:21, 10] libsmb/namequery.c:internal_resolve_name(1010) internal_resolve_name: looking up FR.PH-BW.NET#1c [2004/10/05 13:40:21, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/FR.PH-BW.NET#1C, value = 193.196.151.105:389,193.197.136.66:389,193.197.136.65:389, timeout = Tue Oct 5 13:50:18 2004 [2004/10/05 13:40:21, 5] libsmb/namecache.c:namecache_fetch(201) name FR.PH-BW.NET#1C found. [2004/10/05 13:40:21, 8] libsmb/namequery.c:get_dc_list(1298) Adding 3 DC's from auto lookup [2004/10/05 13:40:21, 10] libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/10/05 13:40:21, 4] libsmb/namequery.c:get_dc_list(1389) get_dc_list: returning 3 ip addresses in an ordered list [2004/10/05 13:40:21, 4] libsmb/namequery.c:get_dc_list(1390) get_dc_list: 193.197.136.65:389 193.197.136.66:389 193.196.151.105:389 [2004/10/05 13:40:21, 5] libads/ldap.c:ads_try_connect(85) ads_try_connect: trying ldap server '193.197.136.65' port 389 [2004/10/05 13:40:21, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 193.197.136.65 [2004/10/05 13:40:21, 3] libads/ldap.c:ads_server_info(2324) got ldap server name frmpdc01@FR.PH-BW.NET, using bind path: dc=FR,dc=PH-BW,dc=NET [2004/10/05 13:40:21, 4] libads/ldap.c:ads_server_info(2330) time offset is 0 seconds [2004/10/05 13:40:21, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='FRMPDC01' IP=193.197.136.65 [2004/10/05 13:40:21, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) IPC$ connections done anonymously [2004/10/05 13:40:21, 10] 
passdb/secrets.c:secrets_named_mutex(702) secrets_named_mutex: got mutex for FRMPDC01 [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376) Connecting to host=FRMPDC01 [2004/10/05 13:40:21, 3] lib/util_sock.c:open_socket_out(752) Connecting to 193.197.136.65 at port 445 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 0 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 0 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/05 13:40:21, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,183) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,183) wrote 183 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 179 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=179 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=24256 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) 
smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=57472 (0xE080) smb_vwv[12]=35304 (0x89E8) smb_vwv[13]=53272 (0xD018) smb_vwv[14]=50346 (0xC4AA) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=110 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 02 BB A6 8D 50 1D 40 41 87 C3 8C 2F D6 96 4E 1C .»¦.P.@A .Ã./Ö.N. [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 30 `\..+... .. R0P 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1C 30 1A A0 18 1B 16 66 72 6D 70 64 63 30 31 £.0. ... frmpdc01 [060] 24 40 46 52 2E 50 48 2D 42 57 2E 4E 45 54 $@FR.PH- BW.NET [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=179 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=24256 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=57472 (0xE080) smb_vwv[12]=35304 (0x89E8) smb_vwv[13]=53272 (0xD018) smb_vwv[14]=50346 (0xC4AA) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=110 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 02 BB A6 8D 50 1D 40 41 87 C3 8C 2F D6 96 4E 1C .»¦.P.@A .Ã./Ö.N. [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 30 `\..+... .. R0P 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. 
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1C 30 1A A0 18 1B 16 66 72 6D 70 64 63 30 31 £.0. ... frmpdc01 [060] 24 40 46 52 2E 50 48 2D 42 57 2E 4E 45 54 $@FR.PH- BW.NET [2004/10/05 13:40:21, 5] nsswitch/winbindd_cm.c:cm_open_connection(275) connecting to FRMPDC01 from FRLPWW01 with kerberos principal [FRLPWW01$@FR.PH-BW.NET] [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2004/10/05 13:40:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got principal=frmpdc01$@FR.PH-BW.NET [2004/10/05 13:40:21, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538) Doing kerberos session setup [2004/10/05 13:40:21, 4] libsmb/clikrb5.c:ads_krb5_mk_req(328) Adjusting clock by -63 seconds to cope with clock skew [2004/10/05 13:40:21, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(252) Ticket in ccache[MEMORY:cliconnect] expiration Die, 05 Okt 2004 23:39:18 GMT [2004/10/05 13:40:21, 10] libsmb/clikrb5.c:ads_krb5_mk_req(338) Ticket (frmpdc01$@FR.PH-BW.NET) in ccache (MEMORY:cliconnect) is valid until: (Die, 05 Okt 2004 23:39:18 GMT - 1097012358) [2004/10/05 13:40:21, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(448) Got KRB5 session key of length 16 [2004/10/05 13:40:21, 5] libsmb/smb_signing.c:set_smb_signing_real_common(128) Mandatory SMB signing enabled! [2004/10/05 13:40:21, 5] libsmb/smb_signing.c:set_smb_signing_real_common(132) SMB signing enabled! 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_simple_set_signing(464) cli_simple_set_signing: user_session_key [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] B9 C7 D7 B0 D4 73 83 D1 E5 A7 38 95 51 54 24 8B ¹Ç×°Ôs.Ñ å§8.QT$. [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_simple_set_signing(472) cli_simple_set_signing: NULL response_data [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 0 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 53 05 EB 07 6C 9B FD 44 S.ë.l.ýD [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 1 mid = 2 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,1238) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,1238) wrote 1238 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 167 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=167 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=24256 smb_uid=6144 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 167 (0xA7) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=124 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ¡.0. ... .¡...*.H [010] 82 F7 12 01 02 02 A2 02 04 00 02 57 00 69 00 6E .÷....¢. ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i [050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . 
.2.0.0 [070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2.. [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 1 mid = 2 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 1 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 1: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 3D B6 8F 29 7D 03 95 FE =¶.)}..þ [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=167 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=24256 smb_uid=6144 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 167 (0xA7) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=124 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ¡.0. ... .¡...*.H [010] 82 F7 12 01 02 02 A2 02 04 00 02 57 00 69 00 6E .÷....¢. ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i [050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . .2.0.0 [070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2.. 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 2 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 82 DB 3D 44 8B C7 D7 D2 .Û=D.Ç×Ò [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 3 mid = 3 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,84) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,84) wrote 84 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 48 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 49 50 43 00 00 00 00 IPC.... 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 3 mid = 3 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 3 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 3: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 57 32 FC D3 57 DC 6E 54 W2üÓWÜnT [2004/10/05 13:40:21, 10] libsmb/clientgen.c:cli_init_creds(217) cli_init_creds: user domain [2004/10/05 13:40:21, 10] passdb/secrets.c:secrets_named_mutex_release(714) secrets_named_mutex: released mutex for FRMPDC01 [2004/10/05 13:40:21, 4] passdb/secrets.c:secrets_fetch_trust_account_password(290) Using cleartext machine password [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 4 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 14 69 65 EA CD 4C 09 7E .ieêÍL.~ [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 5 mid = 4 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,108) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,108) wrote 108 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 103 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3328 (0xD00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) 
smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 5 mid = 4 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 5 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 5: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 4A 55 34 6A D3 4C 8A C8 JU4jÓL.È [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1319) Bind RPC Pipe[400d]: \PIPE\NETLOGON [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:valid_pipe_name(1215) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:valid_pipe_name(1218) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... 
[2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000010 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 
data : 1234 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400d [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16397 (0x400D) smb_bcc=87 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 10 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... 
.......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 6 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 51 85 EC B3 04 3A 1F A2 Q.ì³.:.¢ [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 7 mid = 5 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,158) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,158) wrote 158 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 7 mid = 5 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 124 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 10 00 00 H....... .D...... [010] 00 B8 10 B8 10 64 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.d'. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ 
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 7 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 7: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 04 F1 3A F0 9F 2C 15 5D .ñ:ð.,.] [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 10 00 00 H....... .D...... [010] 00 B8 10 B8 10 64 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.d'. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000010 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1395) rpc_pipe_bind: rpc_api_pipe returned OK. 
[2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00002764 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:check_bind_response(1271) bind_rpc_pipe: accepted! 
[2004/10/05 13:40:21, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from FRLPWW01 to FRMPDC01: B30C6894E2A78FCA [2004/10/05 13:40:21, 5] rpc_parse/parse_net.c:init_q_req_chal(676) init_q_req_chal: 676 [2004/10/05 13:40:21, 5] rpc_parse/parse_net.c:init_q_req_chal(685) init_q_req_chal: 685 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_unistr2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 uni_max_len: 00000009 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_str_len: 00000009 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0034 buffer : F.R.L.P.W.W.0.1... 
[2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000046 smb_io_chal [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0046 data: b3 0c 68 94 e2 a7 8f ca [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0x4 data_len: 0x66 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 66 auth_len: 0 alloc_hint: 56 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0066 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000011 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000056 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400d [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 
smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 102 (0x66) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 102 (0x66) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16397 (0x400D) smb_bcc=117 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 66 00 00 00 11 00 00 00 56 .......f .......V [020] 00 00 00 00 00 04 00 01 00 00 00 0B 00 00 00 00 ........ ........ [030] 00 00 00 0B 00 00 00 5C 00 5C 00 46 00 52 00 4D .......\ .\.F.R.M [040] 00 50 00 44 00 43 00 30 00 31 00 00 00 00 00 09 .P.D.C.0 .1...... [050] 00 00 00 00 00 00 00 09 00 00 00 46 00 52 00 4C ........ ...F.R.L [060] 00 50 00 57 00 57 00 30 00 31 00 00 00 B3 0C 68 .P.W.W.0 .1...³.h [070] 94 E2 A7 8F CA .â§.Ê [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 8 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] D7 70 E0 DD 7F 4E 7F 30 ×pàÝ.N.0 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 9 mid = 6 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,188) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,188) wrote 188 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 9 mid = 6 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 
[2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 92 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 66 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 f....... .$...... [010] 00 0C 00 00 00 00 00 00 00 A7 BC 2B FC 4D 75 D9 ........ .§¼+üMuÙ [020] EE 00 00 00 00 î.... [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 9 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 9: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] BA 2A A1 6F 2E 70 0F F9 º*¡o.p.ù [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 66 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 f....... .$...... [010] 00 0C 00 00 00 00 00 00 00 A7 BC 2B FC 4D 75 D9 ........ .§¼+üMuÙ [020] EE 00 00 00 00 î.... 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 36 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000011 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 36 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_req_chal [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: a7 bc 2b fc 4d 75 d9 ee [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/10/05 13:40:21, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: B30C6894E2A78FCA [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : A7BC2BFC4D75D9EE [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : 5AC993902F1D69B9 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_session_key(64) sess_key : D7356256D6671B26 [2004/10/05 13:40:21, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(92) sess_key : D7356256D6671B26 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(93) stor_cred: B30C6894E2A78FCA [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(95) timecred : B30C6894E2A78FCA [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(96) calc_cred: E5E7275E9DE2718E [2004/10/05 13:40:21, 4] rpc_client/cli_netlogon.c:cli_net_auth2(108) cli_net_auth2: srv:\\FRMPDC01 acct:FRLPWW01$ sc:2 mc: FRLPWW01 chal E5E7275E9DE2718E neg: 400701ff [2004/10/05 13:40:21, 5] rpc_parse/parse_net.c:init_q_auth_2(797) init_q_auth_2: 797 [2004/10/05 13:40:21, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/10/05 13:40:21, 5] rpc_parse/parse_net.c:init_q_auth_2(803) init_q_auth_2: 803 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/10/05 13:40:21, 7] 
rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_unistr2 unistr2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 uni_max_len: 0000000a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_str_len: 0000000a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0034 buffer : F.R.L.P.W.W.0.1.$... [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0048 sec_chan: 0002 [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004a smb_io_unistr2 unistr2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c uni_max_len: 00000009 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_str_len: 00000009 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0058 buffer : F.R.L.P.W.W.0.1... 
[2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00006a smb_io_chal [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 006a data: e5 e7 27 5e 9d e2 71 8e [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 net_io_neg_flags [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 neg_flags: 400701ff [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xf data_len: 0x90 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 90 auth_len: 0 alloc_hint: 80 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0090 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000012 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000080 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) 
rpc_api_pipe: fnum:400d [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=226 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 144 (0x90) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16397 (0x400D) smb_bcc=159 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 90 00 00 00 12 00 00 00 80 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0B 00 00 00 00 ........ ........ [030] 00 00 00 0B 00 00 00 5C 00 5C 00 46 00 52 00 4D .......\ .\.F.R.M [040] 00 50 00 44 00 43 00 30 00 31 00 00 00 00 00 0A .P.D.C.0 .1...... [050] 00 00 00 00 00 00 00 0A 00 00 00 46 00 52 00 4C ........ ...F.R.L [060] 00 50 00 57 00 57 00 30 00 31 00 24 00 00 00 02 .P.W.W.0 .1.$.... [070] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 46 ........ .......F [080] 00 52 00 4C 00 50 00 57 00 57 00 30 00 31 00 00 .R.L.P.W .W.0.1.. 
[090] 00 E5 E7 27 5E 9D E2 71 8E 00 00 FF 01 07 40 .åç'^.âq ...ÿ..@ [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 10 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] AF 06 66 FA 83 CA 5D 6E ¯.fú.Ê]n [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 11 mid = 7 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,230) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,230) wrote 230 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 11 mid = 7 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 96 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 90 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 1F C1 28 98 EC 28 46 ........ ..Á(.ì(F [020] 71 FF 01 07 40 00 00 00 00 qÿ..@... . 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 11 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 11: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 54 18 1C 60 71 E9 C4 85 T..`qéÄ. [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 90 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 1F C1 28 98 EC 28 46 ........ ..Á(.ì(F [020] 71 FF 01 07 40 00 00 00 00 qÿ..@... . 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 40 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0028 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000012 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 40 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_auth_2 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 1f c1 28 98 ec 28 46 71 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/10/05 13:40:21, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(92) sess_key : D7356256D6671B26 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(93) stor_cred: A7BC2BFC4D75D9EE [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(95) timecred : A7BC2BFC4D75D9EE [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_create(96) calc_cred: 1FC12898EC284671 [2004/10/05 13:40:21, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_assert(123) challenge : 1FC12898EC284671 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_assert(124) calculated: 1FC12898EC284671 [2004/10/05 13:40:21, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 12 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] CE 1A 98 48 E4 E6 82 2A Î..Häæ.* [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 13 mid = 8 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,104) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,104) wrote 104 [2004/10/05 13:40:21, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 103 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 13 mid = 8 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 13 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 13: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 6B 7A D8 66 4C EB C3 CF kzØfLëÃÏ [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1319) Bind RPC Pipe[400e]: \PIPE\lsarpc [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:valid_pipe_name(1215) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« [010] 00 00 00 00 .... [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:valid_pipe_name(1218) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. 
.è..+.H` [010] 02 00 00 00 .... [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/10/05 13:40:21, 6] lib/util.c:dump_data(1835) [000] 46 52 FR [2004/10/05 13:40:21, 6] lib/util.c:dump_data(1835) [000] 46 52 4C 50 57 57 30 31 FRLPWW01 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0064 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0014 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000013 [2004/10/05 13:40:21, 5] 
rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345778 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 89 ab [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000000 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 
version: 00000002 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400e [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=182 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=115 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 64 00 14 00 13 00 00 00 B8 .......d .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 46 52 00 46 52 4C 50 57 57 .......F R.FRLPWW [070] 30 31 00 01. [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 14 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 5E BE 93 70 A4 6D 79 9E ^¾.p¤my. 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 15 mid = 9 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,186) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,186) wrote 186 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 15 mid = 9 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 144 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 13 00 00 d....... .X...... [010] 00 B8 10 B8 10 65 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.e'. ...\PIPE [020] 5C 6C 73 61 73 73 00 2D ED 01 00 00 00 00 00 00 \lsass.- í....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 15 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 15: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 76 CD 1B 5B FD 80 2E CE vÍ.[ý..Î [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 13 00 00 d....... .X...... [010] 00 B8 10 B8 10 65 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.e'. ...\PIPE [020] 5C 6C 73 61 73 73 00 2D ED 01 00 00 00 00 00 00 \lsass.- í....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000013 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:21, 5] 
rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1395) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00002765 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. 
[2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:check_bind_response(1271) bind_rpc_pipe: accepted! 
[2004/10/05 13:40:21, 5] rpc_parse/parse_lsa.c:init_q_open_pol(274) init_open_pol: attr:0 da:33554432 [2004/10/05 13:40:21, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(193) init_lsa_obj_attr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 system_name: 005c [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_obj_attr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 len : 00000018 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c ptr_root_dir: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 ptr_obj_name: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 attributes : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_sec_desc: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c ptr_sec_qos : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 des_access: 02000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0029 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 002a padding : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 002b reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c auth_context : 00000001 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=0 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=0 data_len=40 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:21, 5] 
rpc_parse/parse_prs.c:prs_uint8s(722) 0030 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 seq_num: ab 11 61 6d 2d 57 d7 3f [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0040 packet_digest: 46 fe 62 81 ef 8f 88 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0048 confounder: 69 08 2a 17 bb 10 c7 71 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0x6 data_len: 0x68 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 68 auth_len: 20 alloc_hint: 30 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0068 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000014 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000030 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0006 [2004/10/05 13:40:21, 5] 
rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400e [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=119 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 20 00 14 00 00 00 30 .......h . .....0 [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 44 ........ 
.......D [050] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 AB .......w .ÿÿÿÿ..« [060] 11 61 6D 2D 57 D7 3F 46 FE 62 81 EF 8F 88 10 69 .am-W×?F þb.ï...i [070] 08 2A 17 BB 10 C7 71 .*.».Çq [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 16 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] DA 9C 52 EB 99 EF DA 44 Ú.Rë.ïÚD [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 17 mid = 10 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,190) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,190) wrote 190 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 17 mid = 10 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 152 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 68 05 00 02 03 10 00 00 00 60 00 20 00 14 00 00 h....... .`. .... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 30 88 FE ........ .....0.þ [020] BC 1E F4 A9 48 9E 87 22 42 C3 5B 37 2A 00 00 00 ¼.ô©H.." BÃ[7*... 
[030] 00 00 00 00 00 00 00 00 00 44 05 08 00 01 00 00 ........ .D...... [040] 00 77 00 FF FF FF FF 00 00 7C EF 8D F3 DF 92 C2 .w.ÿÿÿÿ. .|ï.óß. [050] 15 19 E9 35 50 B9 56 C1 A2 00 00 00 00 00 00 00 ..é5P¹VÁ ¢....... [060] 00 . [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 17 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 17: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] B9 E9 2C E8 BF 9F 17 4A ¹é,è¿..J [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 68 05 00 02 03 10 00 00 00 60 00 20 00 14 00 00 h....... .`. .... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 30 88 FE ........ .....0.þ [020] BC 1E F4 A9 48 9E 87 22 42 C3 5B 37 2A 00 00 00 ¼.ô©H.." BÃ[7*... [030] 00 00 00 00 00 00 00 00 00 44 05 08 00 01 00 00 ........ .D...... [040] 00 77 00 FF FF FF FF 00 00 7C EF 8D F3 DF 92 C2 .w.ÿÿÿÿ. .|ï.óß. [050] 15 19 E9 35 50 B9 56 C1 A2 00 00 00 00 00 00 00 ..é5P¹VÁ ¢....... [060] 00 . 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 96 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0060 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000014 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 96 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:21, 10] 
rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 08 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: 7c ef 8d f3 df 92 c2 15 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: 19 e9 35 50 b9 56 c1 a2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 00 00 00 00 00 00 00 00 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=1 data_len=32 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=1 data_len=32 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_open_pol [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_pol_hnd [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 data1: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c data2: bcfe8830 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0020 data3: f41e [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0022 data4: 48a9 [2004/10/05 13:40:21, 5] 
rpc_parse/parse_prs.c:prs_uint8s(722) 0024 data5: 9e 87 22 42 c3 5b 37 2a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 002c status: NT_STATUS_OK [2004/10/05 13:40:21, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1062) init_q_lookup_names [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_lookup_names [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: bcfe8830 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: f41e [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 48a9 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 9e 87 22 42 c3 5b 37 2a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 num_entries : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_entries2 : 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unihdr hdr_name [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c uni_str_len: 0012 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e uni_max_len: 0012 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 buffer : 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unistr2 dom_name [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_max_len: 00000009 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_str_len: 00000009 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0030 buffer : F.R.\.n.o.b.o.d.y. 
[2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 num_trans_entries : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 ptr_trans_sids : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c lookup_level : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 mapped_count : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0058 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0059 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 005a padding : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 005b reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c auth_context : 00000001 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=2 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=2 data_len=88 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0060 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0068 seq_num: 75 7e bc cc 6a ee 64 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0070 packet_digest: c3 07 6f 62 48 0b 88 d8 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0078 confounder: 41 66 f3 ed d2 21 4e b7 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xe data_len: 0x98 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 98 auth_len: 20 alloc_hint: 60 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 
0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000015 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000060 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000e [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400e [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=167 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 
.\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 20 00 15 00 00 00 60 ........ . .....` [020] 00 00 00 00 00 0E 00 00 00 00 00 30 88 FE BC 1E ........ ...0.þ¼. [030] F4 A9 48 9E 87 22 42 C3 5B 37 2A 01 00 00 00 01 ô©H.."Bà [7*..... [040] 00 00 00 12 00 12 00 01 00 00 00 09 00 00 00 00 ........ ........ [050] 00 00 00 09 00 00 00 46 00 52 00 5C 00 6E 00 6F .......F .R.\.n.o [060] 00 62 00 6F 00 64 00 79 00 00 00 00 00 00 00 00 .b.o.d.y ........ [070] 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 44 ........ .......D [080] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 75 .......w .ÿÿÿÿ..u [090] 7E BC CC 6A EE 64 05 C3 07 6F 62 48 0B 88 D8 41 ~¼Ìjîd.à .obH..ØA [0A0] 66 F3 ED D2 21 4E B7 fóíÒ!N· [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 18 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] D0 C1 72 98 FE 53 96 9A ÐÁr.þS.. 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 19 mid = 11 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,238) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,238) wrote 238 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 19 mid = 11 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 232 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 98 05 00 02 03 10 00 00 00 B0 00 20 00 15 00 00 ........ .°. .... [010] 00 6C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .l...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 04 00 06 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 03 00 00 00 00 00 00 ........ ........ [040] 00 02 00 00 00 46 00 52 00 04 00 00 00 01 04 00 .....F.R ........ [050] 00 00 00 00 05 15 00 00 00 7B 87 B0 88 B6 D7 95 ........ .{.°.¶×. [060] 31 78 04 30 35 01 00 00 00 10 00 02 00 01 00 00 1x.05... ........ [070] 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 73 00 00 C0 00 00 00 00 44 05 04 00 01 00 00 .s..À... .D...... [090] 00 77 00 FF FF FF FF 00 00 E6 F6 E0 CF 29 79 9B .w.ÿÿÿÿ. .æöàÏ)y. 
[0A0] 80 79 2E F2 D2 7C C0 0A 79 00 00 00 00 00 00 00 .y.òÒ|À. y....... [0B0] 00 . [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 19 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 19: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 91 B0 64 74 17 0C 22 64 .°dt.."d [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 98 05 00 02 03 10 00 00 00 B0 00 20 00 15 00 00 ........ .°. .... [010] 00 6C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .l...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 04 00 06 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 03 00 00 00 00 00 00 ........ ........ [040] 00 02 00 00 00 46 00 52 00 04 00 00 00 01 04 00 .....F.R ........ [050] 00 00 00 00 05 15 00 00 00 7B 87 B0 88 B6 D7 95 ........ .{.°.¶×. [060] 31 78 04 30 35 01 00 00 00 10 00 02 00 01 00 00 1x.05... ........ [070] 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 73 00 00 C0 00 00 00 00 44 05 04 00 01 00 00 .s..À... .D...... [090] 00 77 00 FF FF FF FF 00 00 E6 F6 E0 CF 29 79 9B .w.ÿÿÿÿ. .æöàÏ)y. [0A0] 80 79 2E F2 D2 7C C0 0A 79 00 00 00 00 00 00 00 .y.òÒ|À. y....... [0B0] 00 . 
[2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 176 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00b0 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000015 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000006c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 176 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 176 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:21, 
10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: e6 f6 e0 cf 29 79 9b 80 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: 79 2e f2 d2 7c c0 0a 79 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 00 00 00 00 00 00 00 00 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=3 data_len=112 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=3 data_len=112 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_lookup_names [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_dom_ref: 00020000 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c lsa_io_dom_r_ref [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c num_ref_doms_1: 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 ptr_ref_dom : 00020004 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 max_entries : 00000020 
[2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 num_ref_doms_2: 00000001 [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unihdr dom_ref[0] [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c uni_str_len: 0004 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e uni_max_len: 0006 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 buffer : 00020008 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 sid_ptr[0] : 0002000c [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unistr2 dom_ref[0] [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_max_len: 00000003 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 uni_str_len: 00000002 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0044 buffer : F.R. [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_dom_sid2 sid_ptr[0] [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 num_auths: 00000004 [2004/10/05 13:40:21, 8] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_dom_sid sid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004c sid_rev_num: 01 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004d num_auths : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004e id_auth[0] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004f id_auth[1] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0050 id_auth[2] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0051 id_auth[3] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0052 id_auth[4] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0053 id_auth[5] : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0054 sub_auths : 
00000015 88b0877b 3195d7b6 35300478 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 num_entries: 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 ptr_entries: 00020010 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c num_entries2: 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_dom_rid2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0070 type : 08 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 rid : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 rid_idx: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c mapped_count: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0080 status : NT_STATUS_NONE_MAPPED [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(622) wcache_save_name_to_sid: NOBODY -> [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:21, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. 
[2004/10/05 13:40:21, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn GID_TO_SID [2004/10/05 13:40:21, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374) [24277]: gid to sid 65534 [2004/10/05 13:40:21, 10] sam/idmap_util.c:idmap_gid_to_sid(126) idmap_gid_to_sid: gid = [65534] [2004/10/05 13:40:21, 10] sam/idmap_tdb.c:db_get_sid_from_id(283) db_get_sid_from_id: id_type_in = 0x2 [2004/10/05 13:40:21, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 65534 [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(355) refresh_sequence_number: FR time ok [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386) refresh_sequence_number: FR seq number is now 836088 [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:name_to_sid(982) name_to_sid: [Cached] - doing backend query for name for domain FR [2004/10/05 13:40:21, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(291) rpc: name_to_sid name=nogroup [2004/10/05 13:40:21, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(300) name_to_sid [rpc] nogroup for domain FR [2004/10/05 13:40:21, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1062) init_q_lookup_names [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_lookup_names [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: bcfe8830 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: f41e [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 48a9 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 9e 87 22 42 c3 5b 37 2a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 num_entries : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_entries2 : 
00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unihdr hdr_name [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c uni_str_len: 0014 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e uni_max_len: 0014 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 buffer : 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unistr2 dom_name [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_max_len: 0000000a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_str_len: 0000000a [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0030 buffer : F.R.\.n.o.g.r.o.u.p. [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 num_trans_entries : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 ptr_trans_sids : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c lookup_level : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 mapped_count : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0058 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0059 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 005a padding : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 005b reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c auth_context : 00000001 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=4 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=4 data_len=88 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000060 
smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0060 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0068 seq_num: 92 fd d9 6c 91 8c 07 e0 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0070 packet_digest: bc 09 cd d6 df 5c 87 50 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0078 confounder: 8a 38 b6 18 fc bf 2e a9 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xe data_len: 0x98 [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 98 auth_len: 20 alloc_hint: 60 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000016 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000060 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] 
rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000e [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400e [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=167 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 20 00 16 00 00 00 60 ........ . .....` [020] 00 00 00 00 00 0E 00 00 00 00 00 30 88 FE BC 1E ........ ...0.þ¼. [030] F4 A9 48 9E 87 22 42 C3 5B 37 2A 01 00 00 00 01 ô©H.."Bà [7*..... [040] 00 00 00 14 00 14 00 01 00 00 00 0A 00 00 00 00 ........ ........ [050] 00 00 00 0A 00 00 00 46 00 52 00 5C 00 6E 00 6F .......F .R.\.n.o [060] 00 67 00 72 00 6F 00 75 00 70 00 00 00 00 00 00 .g.r.o.u .p...... [070] 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 44 ........ .......D [080] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 92 .......w .ÿÿÿÿ... [090] FD D9 6C 91 8C 07 E0 BC 09 CD D6 DF 5C 87 50 8A ýÙl...༠.ÍÖß\.P. 
[0A0] 38 B6 18 FC BF 2E A9 8¶.ü¿.© [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 20 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 99 C7 7B 8E 12 07 E5 E4 .Ç{...åä [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 21 mid = 12 [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(449) write_socket(18,238) [2004/10/05 13:40:21, 6] lib/util_sock.c:write_socket(452) write_socket(18,238) wrote 238 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 21 mid = 12 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 12, reply_seq_num = 21, send_seq_num = 20 data->send_seq_num = 22 [2004/10/05 13:40:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 232 [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 98 05 00 02 03 10 00 00 00 B0 00 20 00 16 00 00 ........ .°. .... [010] 00 6C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .l...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 04 00 06 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 03 00 00 00 00 00 00 ........ ........ [040] 00 02 00 00 00 46 00 52 00 04 00 00 00 01 04 00 .....F.R ........ 
[050] 00 00 00 00 05 15 00 00 00 7B 87 B0 88 B6 D7 95 ........ .{.°.¶×. [060] 31 78 04 30 35 01 00 00 00 10 00 02 00 01 00 00 1x.05... ........ [070] 00 08 00 04 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 73 00 00 C0 00 00 00 00 44 05 04 00 01 00 00 .s..À... .D...... [090] 00 77 00 FF FF FF FF 00 00 AE 88 30 AA 14 71 2F .w.ÿÿÿÿ. .®.0ª.q/ [0A0] 6F 17 2B 2D D3 0A 72 67 F4 00 00 00 00 00 00 00 o.+-Ó.rg ô....... [0B0] 00 . [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 21 [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 21: got good SMB signature of [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] A5 B6 5E 2E C5 9C 57 09 ¥¶^.Å.W. [2004/10/05 13:40:21, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:21, 5] lib/util.c:show_msg(449) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2004/10/05 13:40:21, 10] lib/util.c:dump_data(1835) [000] 98 05 00 02 03 10 00 00 00 B0 00 20 00 16 00 00 ........ .°. .... [010] 00 6C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .l...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 04 00 06 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 03 00 00 00 00 00 00 ........ ........ [040] 00 02 00 00 00 46 00 52 00 04 00 00 00 01 04 00 .....F.R ........ [050] 00 00 00 00 05 15 00 00 00 7B 87 B0 88 B6 D7 95 ........ .{.°.¶×. [060] 31 78 04 30 35 01 00 00 00 10 00 02 00 01 00 00 1x.05... ........ [070] 00 08 00 04 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 73 00 00 C0 00 00 00 00 44 05 04 00 01 00 00 .s..À... .D...... 
[090] 00 77 00 FF FF FF FF 00 00 AE 88 30 AA 14 71 2F .w.ÿÿÿÿ. .®.0ª.q/ [0A0] 6F 17 2B 2D D3 0A 72 67 F4 00 00 00 00 00 00 00 o.+-Ó.rg ô....... [0B0] 00 . [2004/10/05 13:40:21, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 12, reply_seq_num = 21, send_seq_num = 20 data->send_seq_num = 22 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 176 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00b0 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000016 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000006c [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 176 [2004/10/05 13:40:21, 5] 
rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 176 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:21, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: ae 88 30 aa 14 71 2f 6f [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: 17 2b 2d d3 0a 72 67 f4 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 00 00 00 00 00 00 00 00 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=5 data_len=112 [2004/10/05 13:40:21, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=5 data_len=112 [2004/10/05 13:40:21, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_lookup_names [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_dom_ref: 00020000 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c lsa_io_dom_r_ref [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c num_ref_doms_1: 00000001 [2004/10/05 13:40:21, 5] 
rpc_parse/parse_prs.c:prs_uint32(635) 0020 ptr_ref_dom : 00020004 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 max_entries : 00000020 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 num_ref_doms_2: 00000001 [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unihdr dom_ref[0] [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c uni_str_len: 0004 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e uni_max_len: 0006 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 buffer : 00020008 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 sid_ptr[0] : 0002000c [2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unistr2 dom_ref[0] [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_max_len: 00000003 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c offset : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 uni_str_len: 00000002 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0044 buffer : F.R. 
[2004/10/05 13:40:21, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_dom_sid2 sid_ptr[0] [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 num_auths: 00000004 [2004/10/05 13:40:21, 8] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_dom_sid sid [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004c sid_rev_num: 01 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004d num_auths : 04 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004e id_auth[0] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004f id_auth[1] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0050 id_auth[2] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0051 id_auth[3] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0052 id_auth[4] : 00 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0053 id_auth[5] : 05 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0054 sub_auths : 00000015 88b0877b 3195d7b6 35300478 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 num_entries: 00000001 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 ptr_entries: 00020010 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c num_entries2: 00000001 [2004/10/05 13:40:21, 6] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_dom_rid2 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0070 type : 08 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 rid : 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 rid_idx: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c mapped_count: 00000000 [2004/10/05 13:40:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0080 status : NT_STATUS_NONE_MAPPED [2004/10/05 13:40:21, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(622) wcache_save_name_to_sid: NOGROUP -> [2004/10/05 13:40:21, 10] 
nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:23, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. [2004/10/05 13:40:23, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn PING [2004/10/05 13:40:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(238) [24277]: ping [2004/10/05 13:40:23, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:23, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. [2004/10/05 13:40:23, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn AUTH_CRAP [2004/10/05 13:40:23, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) [24277]: pam auth crap domain: fr user: wissenschaftlfr [2004/10/05 13:40:23, 8] lib/util.c:is_myname(1698) is_myname("fr") returns 0 [2004/10/05 13:40:23, 4] passdb/secrets.c:secrets_fetch_trust_account_password(290) Using cleartext machine password [2004/10/05 13:40:23, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=FR [2004/10/05 13:40:23, 6] libads/ldap.c:ads_find_dc(176) ads_find_dc: looking for realm 'FR.PH-BW.NET' [2004/10/05 13:40:23, 8] libsmb/namequery.c:get_sorted_dc_list(1416) get_sorted_dc_list: attempting lookup using [ads] [2004/10/05 13:40:23, 10] libsmb/namequery.c:internal_resolve_name(1010) internal_resolve_name: looking up FR.PH-BW.NET#1c [2004/10/05 13:40:23, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/FR.PH-BW.NET#1C, value = 193.196.151.105:389,193.197.136.66:389,193.197.136.65:389, timeout = Tue Oct 5 13:50:18 2004 [2004/10/05 13:40:23, 5] libsmb/namecache.c:namecache_fetch(201) name FR.PH-BW.NET#1C found. 
[2004/10/05 13:40:23, 8] libsmb/namequery.c:get_dc_list(1298) Adding 3 DC's from auto lookup [2004/10/05 13:40:23, 10] libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/10/05 13:40:23, 4] libsmb/namequery.c:get_dc_list(1389) get_dc_list: returning 3 ip addresses in an ordered list [2004/10/05 13:40:23, 4] libsmb/namequery.c:get_dc_list(1390) get_dc_list: 193.197.136.65:389 193.197.136.66:389 193.196.151.105:389 [2004/10/05 13:40:23, 5] libads/ldap.c:ads_try_connect(85) ads_try_connect: trying ldap server '193.197.136.65' port 389 [2004/10/05 13:40:23, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 193.197.136.65 [2004/10/05 13:40:23, 3] libads/ldap.c:ads_server_info(2324) got ldap server name frmpdc01@FR.PH-BW.NET, using bind path: dc=FR,dc=PH-BW,dc=NET [2004/10/05 13:40:23, 4] libads/ldap.c:ads_server_info(2330) time offset is 0 seconds [2004/10/05 13:40:23, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='FRMPDC01' IP=193.197.136.65 [2004/10/05 13:40:23, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) IPC$ connections done anonymously [2004/10/05 13:40:23, 10] passdb/secrets.c:secrets_named_mutex(702) secrets_named_mutex: got mutex for FRMPDC01 [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_start_connection(1376) Connecting to host=FRMPDC01 [2004/10/05 13:40:23, 3] lib/util_sock.c:open_socket_out(752) Connecting to 193.197.136.65 at port 445 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 0 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 0 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/05 13:40:23, 5] 
lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/05 13:40:23, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/05 13:40:23, 6] lib/util_sock.c:write_socket(449) write_socket(20,183) [2004/10/05 13:40:23, 6] lib/util_sock.c:write_socket(452) write_socket(20,183) wrote 183 [2004/10/05 13:40:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 179 [2004/10/05 13:40:23, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:23, 5] lib/util.c:show_msg(449) size=179 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=24256 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=10112 (0x2780) smb_vwv[12]= 1278 (0x4FE) smb_vwv[13]=53274 (0xD01A) smb_vwv[14]=50346 (0xC4AA) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=110 [2004/10/05 13:40:23, 10] lib/util.c:dump_data(1835) [000] 02 BB A6 8D 50 1D 40 41 87 C3 8C 2F D6 96 4E 1C .»¦.P.@A .Ã./Ö.N. [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 30 `\..+... .. R0P 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. 
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1C 30 1A A0 18 1B 16 66 72 6D 70 64 63 30 31 £.0. ... frmpdc01 [060] 24 40 46 52 2E 50 48 2D 42 57 2E 4E 45 54 $@FR.PH- BW.NET [2004/10/05 13:40:23, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:23, 5] lib/util.c:show_msg(449) size=179 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=24256 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=10112 (0x2780) smb_vwv[12]= 1278 (0x4FE) smb_vwv[13]=53274 (0xD01A) smb_vwv[14]=50346 (0xC4AA) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=110 [2004/10/05 13:40:23, 10] lib/util.c:dump_data(1835) [000] 02 BB A6 8D 50 1D 40 41 87 C3 8C 2F D6 96 4E 1C .»¦.P.@A .Ã./Ö.N. [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 30 `\..+... .. R0P 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1C 30 1A A0 18 1B 16 66 72 6D 70 64 63 30 31 £.0. ... 
frmpdc01 [060] 24 40 46 52 2E 50 48 2D 42 57 2E 4E 45 54 $@FR.PH- BW.NET [2004/10/05 13:40:23, 5] nsswitch/winbindd_cm.c:cm_open_connection(275) connecting to FRMPDC01 from FRLPWW01 with kerberos principal [FRLPWW01$@FR.PH-BW.NET] [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2004/10/05 13:40:23, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got principal=frmpdc01$@FR.PH-BW.NET [2004/10/05 13:40:24, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538) Doing kerberos session setup [2004/10/05 13:40:24, 4] libsmb/clikrb5.c:ads_krb5_mk_req(328) Adjusting clock by -66 seconds to cope with clock skew [2004/10/05 13:40:24, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(252) Ticket in ccache[MEMORY:cliconnect] expiration Die, 05 Okt 2004 23:39:18 GMT [2004/10/05 13:40:24, 10] libsmb/clikrb5.c:ads_krb5_mk_req(338) Ticket (frmpdc01$@FR.PH-BW.NET) in ccache (MEMORY:cliconnect) is valid until: (Die, 05 Okt 2004 23:39:18 GMT - 1097012358) [2004/10/05 13:40:24, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(448) Got KRB5 session key of length 16 [2004/10/05 13:40:24, 5] libsmb/smb_signing.c:set_smb_signing_real_common(128) Mandatory SMB signing enabled! [2004/10/05 13:40:24, 5] libsmb/smb_signing.c:set_smb_signing_real_common(132) SMB signing enabled! 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_simple_set_signing(464) cli_simple_set_signing: user_session_key [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 4D 52 0E 68 F4 2A FC 40 C1 15 2C 56 24 EA 00 DC MR.hô*ü@ Á.,V$ê.Ü [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_simple_set_signing(472) cli_simple_set_signing: NULL response_data [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 0 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] BA 14 D7 5D 86 2A 2E B0 º.×].*.° [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 1 mid = 2 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,1238) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,1238) wrote 1238 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 167 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=167 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=24256 smb_uid=6145 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 167 (0xA7) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=124 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ¡.0. ... .¡...*.H [010] 82 F7 12 01 02 02 A2 02 04 00 02 57 00 69 00 6E .÷....¢. ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i [050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . 
.2.0.0 [070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2.. [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 1 mid = 2 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 1 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 1: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 18 6E 8E 1F 78 31 9B 1A .n..x1.. [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=167 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=24256 smb_uid=6145 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 167 (0xA7) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=124 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ¡.0. ... .¡...*.H [010] 82 F7 12 01 02 02 A2 02 04 00 02 57 00 69 00 6E .÷....¢. ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i [050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . .2.0.0 [070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2.. [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 2 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 94 B2 A6 E7 D9 9C 6F 2E .²¦çÙ.o. 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 3 mid = 3 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,84) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,84) wrote 84 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 48 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 49 50 43 00 00 00 00 IPC.... [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 3 mid = 3 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 3 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 3: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 49 8A 93 45 E2 F8 5D 3B I..Eâø]; [2004/10/05 13:40:24, 10] libsmb/clientgen.c:cli_init_creds(217) cli_init_creds: user domain [2004/10/05 13:40:24, 10] passdb/secrets.c:secrets_named_mutex_release(714) secrets_named_mutex: released mutex for FRMPDC01 [2004/10/05 13:40:24, 4] passdb/secrets.c:secrets_fetch_trust_account_password(290) Using cleartext machine password [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 4 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] CF 3E BC 2B 71 92 E1 E4 Ï>¼+q.áä [2004/10/05 13:40:24, 10] 
libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 5 mid = 4 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,108) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,108) wrote 108 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 103 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 5 mid = 4 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 5 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 5: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 97 CF 2E 26 B5 A2 81 5C .Ï.&µ¢.\ [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1319) Bind RPC Pipe[8002]: \PIPE\NETLOGON [2004/10/05 13:40:24, 5] 
rpc_client/cli_pipe.c:valid_pipe_name(1215) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1218) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000017 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 
001e num_syntaxes: 01 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8002 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 
(0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=87 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 17 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 6 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 6C 88 A2 E1 C7 8B D0 04 l.¢áÇ.Ð. [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 7 mid = 5 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,158) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,158) wrote 158 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 7 mid = 5 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 124 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]= 0 (0x0) smb_bcc=69 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 17 00 00 H....... .D...... [010] 00 B8 10 B8 10 66 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.f'. ...\PIPE [020] 5C 6C 73 61 73 73 00 22 42 01 00 00 00 00 00 00 \lsass." B....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 7 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 7: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 37 72 05 30 CD 03 9F 60 7r.0Í..` [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 17 00 00 H....... .D...... [010] 00 B8 10 B8 10 66 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.f'. ...\PIPE [020] 5C 6C 73 61 73 73 00 22 42 01 00 00 00 00 00 00 \lsass." B....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000017 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1395) rpc_pipe_bind: rpc_api_pipe returned OK. 
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00002766 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:check_bind_response(1271) bind_rpc_pipe: accepted! 
[2004/10/05 13:40:24, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from FRLPWW01 to FRMPDC01: 02FEA2011AA7F779 [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_req_chal(676) init_q_req_chal: 676 [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_req_chal(685) init_q_req_chal: 685 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_str_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0034 buffer : F.R.L.P.W.W.0.1... 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000046 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0046 data: 02 fe a2 01 1a a7 f7 79 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0x4 data_len: 0x66 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 66 auth_len: 0 alloc_hint: 56 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0066 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000056 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8002 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 
smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 102 (0x66) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 102 (0x66) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=117 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 66 00 00 00 18 00 00 00 56 .......f .......V [020] 00 00 00 00 00 04 00 01 00 00 00 0B 00 00 00 00 ........ ........ [030] 00 00 00 0B 00 00 00 5C 00 5C 00 46 00 52 00 4D .......\ .\.F.R.M [040] 00 50 00 44 00 43 00 30 00 31 00 00 00 00 00 09 .P.D.C.0 .1...... [050] 00 00 00 00 00 00 00 09 00 00 00 46 00 52 00 4C ........ ...F.R.L [060] 00 50 00 57 00 57 00 30 00 31 00 00 00 02 FE A2 .P.W.W.0 .1....þ¢ [070] 01 1A A7 F7 79 ..§÷y [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 8 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] B6 B3 15 BA 35 19 8B FA ¶³.º5..ú [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 9 mid = 6 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,188) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,188) wrote 188 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 9 mid = 6 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 
[2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 92 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 66 05 00 02 03 10 00 00 00 24 00 00 00 18 00 00 f....... .$...... [010] 00 0C 00 00 00 00 00 00 00 67 6E 25 BF 6C 8F 68 ........ .gn%¿l.h [020] E9 00 00 00 00 é.... [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 9 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 9: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] FB EB 70 DC 18 F6 9E 08 ûëpÜ.ö.. [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 66 05 00 02 03 10 00 00 00 24 00 00 00 18 00 00 f....... .$...... [010] 00 0C 00 00 00 00 00 00 00 67 6E 25 BF 6C 8F 68 ........ .gn%¿l.h [020] E9 00 00 00 00 é.... 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 36 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 36 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_req_chal [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 67 6e 25 bf 6c 8f 68 e9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 02FEA2011AA7F779 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : 676E25BF6C8F68E9 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : 696CC8C086366063 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(64) sess_key : 3DE159170CF81F44 [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(92) sess_key : 3DE159170CF81F44 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(93) stor_cred: 02FEA2011AA7F779 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(95) timecred : 02FEA2011AA7F779 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(96) calc_cred: 32B2D33B32B24D85 [2004/10/05 13:40:24, 4] rpc_client/cli_netlogon.c:cli_net_auth2(108) cli_net_auth2: srv:\\FRMPDC01 acct:FRLPWW01$ sc:2 mc: FRLPWW01 chal 32B2D33B32B24D85 neg: 400701ff [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_auth_2(797) init_q_auth_2: 797 [2004/10/05 13:40:24, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_auth_2(803) init_q_auth_2: 803 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/10/05 13:40:24, 7] 
rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 uni_max_len: 0000000a [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_str_len: 0000000a [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0034 buffer : F.R.L.P.W.W.0.1.$... [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0048 sec_chan: 0002 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004a smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_str_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0058 buffer : F.R.L.P.W.W.0.1... 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00006a smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 006a data: 32 b2 d3 3b 32 b2 4d 85 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 net_io_neg_flags [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 neg_flags: 400701ff [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xf data_len: 0x90 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 90 auth_len: 0 alloc_hint: 80 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0090 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000019 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000080 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) 
rpc_api_pipe: fnum:8002 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=226 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 144 (0x90) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=159 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 90 00 00 00 19 00 00 00 80 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0B 00 00 00 00 ........ ........ [030] 00 00 00 0B 00 00 00 5C 00 5C 00 46 00 52 00 4D .......\ .\.F.R.M [040] 00 50 00 44 00 43 00 30 00 31 00 00 00 00 00 0A .P.D.C.0 .1...... [050] 00 00 00 00 00 00 00 0A 00 00 00 46 00 52 00 4C ........ ...F.R.L [060] 00 50 00 57 00 57 00 30 00 31 00 24 00 00 00 02 .P.W.W.0 .1.$.... [070] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 46 ........ .......F [080] 00 52 00 4C 00 50 00 57 00 57 00 30 00 31 00 00 .R.L.P.W .W.0.1.. 
[090] 00 32 B2 D3 3B 32 B2 4D 85 00 00 FF 01 07 40 .2²Ó;2²M ...ÿ..@ [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 10 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 62 66 C3 6A 1D FA A7 7A bfÃj.ú§z [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 11 mid = 7 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,230) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,230) wrote 230 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 11 mid = 7 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 96 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 90 05 00 02 03 10 00 00 00 28 00 00 00 19 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 88 D1 5F D7 F0 0A B6 ........ ..Ñ_×ð.¶ [020] EE FF 01 07 40 00 00 00 00 îÿ..@... . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 11 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 11: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] E1 68 B7 07 42 CC 67 59 áh·.BÌgY [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 90 05 00 02 03 10 00 00 00 28 00 00 00 19 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 88 D1 5F D7 F0 0A B6 ........ ..Ñ_×ð.¶ [020] EE FF 01 07 40 00 00 00 00 îÿ..@... . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 40 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0028 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000019 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 40 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_auth_2 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 88 d1 5f d7 f0 0a b6 ee [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(92) sess_key : 3DE159170CF81F44 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(93) stor_cred: 676E25BF6C8F68E9 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(95) timecred : 676E25BF6C8F68E9 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(96) calc_cred: 88D15FD7F00AB6EE [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(123) challenge : 88D15FD7F00AB6EE [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(124) calculated: 88D15FD7F00AB6EE [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 12 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 51 3D 72 3D 8D 9F 09 D4 Q=r=...Ô [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 13 mid = 8 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,108) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,108) wrote 108 [2004/10/05 13:40:24, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 103 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 13 mid = 8 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 13 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 13: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 84 0A 47 B2 8A C2 CA 22 ..G².ÂÊ" [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1319) Bind RPC Pipe[8003]: \PIPE\NETLOGON [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1215) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1218) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. 
.è..+.H` [010] 02 00 00 00 .... [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/10/05 13:40:24, 6] lib/util.c:dump_data(1835) [000] 46 52 FR [2004/10/05 13:40:24, 6] lib/util.c:dump_data(1835) [000] 46 52 4C 50 57 57 30 31 FRLPWW01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0064 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0014 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001a [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 
version: 00000002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8003 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=182 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32771 (0x8003) smb_bcc=115 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 64 00 14 00 1A 00 00 00 B8 .......d .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 46 52 00 46 52 4C 50 57 57 .......F R.FRLPWW [070] 30 31 00 01. 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 14 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] C9 CA DC 90 D7 BE 37 BE ÉÊÜ.×¾7¾ [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 15 mid = 9 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,186) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,186) wrote 186 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 15 mid = 9 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 144 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 1A 00 00 d....... .X...... [010] 00 B8 10 B8 10 67 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.g'. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 15 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 15: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 41 67 D6 38 FE 78 03 B0 AgÖ8þx.° [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 1A 00 00 d....... .X...... [010] 00 B8 10 B8 10 67 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.g'. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001a [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1395) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00002767 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:check_bind_response(1271) bind_rpc_pipe: accepted! 
[2004/10/05 13:40:24, 10] passdb/secrets.c:secrets_named_mutex(702) secrets_named_mutex: got mutex for NETLOGON\FRMPDC01 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 16 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 98 7C 84 A2 63 29 AD 36 .|.¢c)­6 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 17 mid = 10 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,45) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,45) wrote 45 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 35 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=10 smt_wct=0 smb_bcc=0 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 17 mid = 10 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 17 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 17: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 97 D5 58 29 6C 19 8A 99 .ÕX)l... 
[2004/10/05 13:40:24, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from FRLPWW01 to FRMPDC01: 6A2E81ADFA5FE6AC [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_req_chal(676) init_q_req_chal: 676 [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_req_chal(685) init_q_req_chal: 685 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_str_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0034 buffer : F.R.L.P.W.W.0.1... 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000046 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0046 data: 6a 2e 81 ad fa 5f e6 ac [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0050 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0051 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0052 padding : 02 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0053 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 auth_context : 00000001 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=0 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=0 data_len=80 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0058 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0060 seq_num: 82 57 5b 57 35 7d 55 5c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0068 packet_digest: d3 05 22 43 27 43 a9 47 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0070 confounder: a7 ba 86 77 eb 75 52 06 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0x4 data_len: 0x90 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 90 auth_len: 20 alloc_hint: 58 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:24, 
5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0090 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000058 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8003 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=226 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 144 (0x90) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32771 (0x8003) smb_bcc=159 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 90 00 20 00 1B 00 00 00 58 ........ . .....X [020] 00 00 00 00 00 04 00 01 00 00 00 0B 00 00 00 00 ........ ........ 
[030] 00 00 00 0B 00 00 00 5C 00 5C 00 46 00 52 00 4D .......\ .\.F.R.M [040] 00 50 00 44 00 43 00 30 00 31 00 00 00 00 00 09 .P.D.C.0 .1...... [050] 00 00 00 00 00 00 00 09 00 00 00 46 00 52 00 4C ........ ...F.R.L [060] 00 50 00 57 00 57 00 30 00 31 00 00 00 6A 2E 81 .P.W.W.0 .1...j.. [070] AD FA 5F E6 AC 00 00 44 05 02 00 01 00 00 00 77 ­ú_æ¬..D .......w [080] 00 FF FF FF FF 00 00 82 57 5B 57 35 7D 55 5C D3 .ÿÿÿÿ... W[W5}U\Ó [090] 05 22 43 27 43 A9 47 A7 BA 86 77 EB 75 52 06 ."C'C©G§ º.wëuR. [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 18 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] E7 8A F0 04 48 5B BD C0 ç.ð.H[½À [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 19 mid = 11 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,230) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,230) wrote 230 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 19 mid = 11 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 136 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 
0 (0x0) smb_bcc=81 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 90 05 00 02 03 10 00 00 00 50 00 20 00 1B 00 00 ........ .P. .... [010] 00 0C 00 00 00 00 00 00 00 84 6A DA 02 E3 0C AC ........ ..jÚ.ã.¬ [020] D5 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 Õ....... .D...... [030] 00 77 00 FF FF FF FF 00 00 A8 EC B7 8F C4 25 59 .w.ÿÿÿÿ. .¨ì·.Ä%Y [040] AA C7 23 BA BB 97 84 CC 15 00 00 00 00 00 00 00 ªÇ#º»..Ì ........ [050] 00 . [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 19 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 19: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 3C E3 AF CE 45 F3 CA 83 <ã¯ÎEóÊ. [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 90 05 00 02 03 10 00 00 00 50 00 20 00 1B 00 00 ........ .P. .... [010] 00 0C 00 00 00 00 00 00 00 84 6A DA 02 E3 0C AC ........ ..jÚ.ã.¬ [020] D5 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 Õ....... .D...... [030] 00 77 00 FF FF FF FF 00 00 A8 EC B7 8F C4 25 59 .w.ÿÿÿÿ. .¨ì·.Ä%Y [040] AA C7 23 BA BB 97 84 CC 15 00 00 00 00 00 00 00 ªÇ#º»..Ì ........ [050] 00 . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 80 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0050 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 80 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 80 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:24, 10] 
rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: a8 ec b7 8f c4 25 59 aa [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: c7 23 ba bb 97 84 cc 15 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 00 00 00 00 00 00 00 00 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=1 data_len=16 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=1 data_len=16 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_req_chal [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 84 6a da 02 e3 0c ac d5 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 6A2E81ADFA5FE6AC [2004/10/05 13:40:24, 
5] libsmb/credentials.c:cred_session_key(62) srv_chal : 846ADA02E30CACD5 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : EE985BB0DD6C9282 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_session_key(64) sess_key : D234D7ED851A1A47 [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(92) sess_key : D234D7ED851A1A47 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(93) stor_cred: 6A2E81ADFA5FE6AC [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(95) timecred : 6A2E81ADFA5FE6AC [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(96) calc_cred: 12E947B43BFBF6CD [2004/10/05 13:40:24, 4] rpc_client/cli_netlogon.c:cli_net_auth2(108) cli_net_auth2: srv:\\FRMPDC01 acct:FRLPWW01$ sc:2 mc: FRLPWW01 chal 12E947B43BFBF6CD neg: 400701ff [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_auth_2(797) init_q_auth_2: 797 [2004/10/05 13:40:24, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_q_auth_2(803) init_q_auth_2: 803 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... 
[2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 uni_max_len: 0000000a [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_str_len: 0000000a [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0034 buffer : F.R.L.P.W.W.0.1.$... [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0048 sec_chan: 0002 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004a smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_str_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0058 buffer : F.R.L.P.W.W.0.1... [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00006a smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 006a data: 12 e9 47 b4 3b fb f6 cd [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 net_io_neg_flags [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 neg_flags: 400701ff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0078 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0079 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 007a padding : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 007b reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c auth_context : 00000001 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=2 [2004/10/05 13:40:24, 10] 
rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=2 data_len=120 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0080 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0088 seq_num: fa 99 b8 c0 c5 da 5e 04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0090 packet_digest: 91 71 59 1e 33 2e 79 24 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0098 confounder: f8 b8 54 ea 7a 52 d7 22 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xf data_len: 0xb8 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: b8 auth_len: 20 alloc_hint: 80 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 
alloc_hint: 00000080 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8003 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=266 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32771 (0x8003) smb_bcc=199 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 B8 00 20 00 1C 00 00 00 80 .......¸ . ...... [020] 00 00 00 00 00 0F 00 01 00 00 00 0B 00 00 00 00 ........ ........ [030] 00 00 00 0B 00 00 00 5C 00 5C 00 46 00 52 00 4D .......\ .\.F.R.M [040] 00 50 00 44 00 43 00 30 00 31 00 00 00 00 00 0A .P.D.C.0 .1...... [050] 00 00 00 00 00 00 00 0A 00 00 00 46 00 52 00 4C ........ ...F.R.L [060] 00 50 00 57 00 57 00 30 00 31 00 24 00 00 00 02 .P.W.W.0 .1.$.... [070] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 46 ........ .......F [080] 00 52 00 4C 00 50 00 57 00 57 00 30 00 31 00 00 .R.L.P.W .W.0.1.. [090] 00 12 E9 47 B4 3B FB F6 CD 00 00 FF 01 07 40 44 ..éG´;ûö Í..ÿ..@D [0A0] 05 00 00 01 00 00 00 77 00 FF FF FF FF 00 00 FA .......w .ÿÿÿÿ..ú [0B0] 99 B8 C0 C5 DA 5E 04 91 71 59 1E 33 2E 79 24 F8 .¸ÀÅÚ^.. 
qY.3.y$ø [0C0] B8 54 EA 7A 52 D7 22 ¸TêzR×" [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 20 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 6A BE 7E 52 63 71 2E FB j¾~Rcq.û [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 21 mid = 12 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,270) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,270) wrote 270 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 21 mid = 12 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 12, reply_seq_num = 21, send_seq_num = 20 data->send_seq_num = 22 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 136 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] B8 05 00 02 03 10 00 00 00 50 00 20 00 1C 00 00 ¸....... .P. .... [010] 00 10 00 00 00 00 00 00 00 99 DB 56 B8 55 CF 64 ........ ..ÛV¸UÏd [020] 52 FF 01 07 40 00 00 00 00 44 05 00 00 01 00 00 Rÿ..@... .D...... [030] 00 77 00 FF FF FF FF 00 00 0E 8C 48 E0 A4 03 DE .w.ÿÿÿÿ. ...Hà¤.Þ [040] 98 70 F8 DB 5A 42 DF 1C 5D 00 00 00 00 00 00 00 .pøÛZBß. ]....... [050] 00 . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 21 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 21: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 70 CB 4E CA 8B 2D FB 27 pËNÊ.-û' [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] B8 05 00 02 03 10 00 00 00 50 00 20 00 1C 00 00 ¸....... .P. .... [010] 00 10 00 00 00 00 00 00 00 99 DB 56 B8 55 CF 64 ........ ..ÛV¸UÏd [020] 52 FF 01 07 40 00 00 00 00 44 05 00 00 01 00 00 Rÿ..@... .D...... [030] 00 77 00 FF FF FF FF 00 00 0E 8C 48 E0 A4 03 DE .w.ÿÿÿÿ. ...Hà¤.Þ [040] 98 70 F8 DB 5A 42 DF 1C 5D 00 00 00 00 00 00 00 .pøÛZBß. ]....... [050] 00 . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 12, reply_seq_num = 21, send_seq_num = 20 data->send_seq_num = 22 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 80 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0050 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 80 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 80 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No [2004/10/05 13:40:24, 10] 
rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: 0e 8c 48 e0 a4 03 de 98 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: 70 f8 db 5a 42 df 1c 5d [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 00 00 00 00 00 00 00 00 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=3 data_len=16 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=3 data_len=16 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_auth_2 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 99 db 56 b8 55 cf 64 52 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/10/05 13:40:24, 4] 
libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(92) sess_key : D234D7ED851A1A47 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(93) stor_cred: 846ADA02E30CACD5 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(95) timecred : 846ADA02E30CACD5 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(96) calc_cred: 99DB56B855CF6452 [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(123) challenge : 99DB56B855CF6452 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(124) calculated: 99DB56B855CF6452 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 22 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 7D 36 C0 04 FB 54 48 08 }6À.ûTH. 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 23 mid = 13 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,108) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,108) wrote 108 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 103 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=13 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 23 mid = 13 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 23 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 23: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 20 F5 A1 D2 58 BF 33 DF õ¡ÒX¿3ß [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1319) Bind RPC Pipe[8004]: \PIPE\NETLOGON [2004/10/05 
13:40:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1215) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1218) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 06 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/10/05 13:40:24, 6] lib/util.c:dump_data(1835) [000] 46 52 FR [2004/10/05 13:40:24, 6] lib/util.c:dump_data(1835) [000] 46 52 4C 50 57 57 30 31 FRLPWW01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0064 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0014 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001d [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 
data : 1ceb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8004 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=182 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32772 (0x8004) smb_bcc=115 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 64 00 14 00 1D 00 00 00 B8 .......d .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 46 52 00 46 52 4C 50 57 57 .......F R.FRLPWW [070] 30 31 00 01. 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 24 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] E9 50 4D 1C AB B0 B2 D0 éPM.«°²Ð [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 25 mid = 14 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,186) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,186) wrote 186 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 25 mid = 14 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 144 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 1D 00 00 d....... .X...... [010] 00 B8 10 B8 10 68 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.h'. ...\PIPE [020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.Í «....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 25 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 25: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] C0 E1 2E 11 39 99 CB 75 Àá..9.Ëu [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 1D 00 00 d....... .X...... [010] 00 B8 10 B8 10 68 27 00 00 0C 00 5C 50 49 50 45 .¸.¸.h'. ...\PIPE [020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.Í «....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001d [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal Yes [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 06 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1395) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00002768 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:check_bind_response(1271) bind_rpc_pipe: accepted! 
[2004/10/05 13:40:24, 10] passdb/secrets.c:secrets_named_mutex_release(714) secrets_named_mutex: released mutex for NETLOGON\FRMPDC01 [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(92) sess_key : D234D7ED851A1A47 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(93) stor_cred: 12E947B43BFBF6CD [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(94) timestamp: 41628828 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(95) timecred : 3A71AAF53BFBF6CD [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(96) calc_cred: CA5C2BB0859BA39C [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_id_info2(1180) init_id_info2: 1180 [2004/10/05 13:40:24, 5] rpc_parse/parse_misc.c:init_logon_id(1515) make_logon_id: 1515 [2004/10/05 13:40:24, 5] rpc_parse/parse_net.c:init_sam_info(1286) init_sam_info: 1286 [2004/10/05 13:40:24, 5] rpc_parse/parse_misc.c:init_clnt_info2(1430) make_clnt_info: 1430 [2004/10/05 13:40:24, 5] rpc_parse/parse_misc.c:init_clnt_srv(1275) init_clnt_srv: 1275 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_sam_logon [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_sam_info [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_info2 [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer : 00000001 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000b [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.F.R.M.P.D.C.0.1... 
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 undoc_buffer2: 00000001 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unistr2 unistr2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 uni_str_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0038 buffer : F.R.L.P.W.W.0.1... [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c ptr_cred: 00000001 [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_cred [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0050 data: ca 5c 2b b0 85 9b a3 9c [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_utime [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 time: 41628828 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c ptr_rtn_cred : 00000001 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_cred [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0060 data: 00 00 00 00 00 00 00 00 [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_utime [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 time: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 006c logon_level : 0002 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00006e smb_io_sam_info logon_info [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 006e switch_value : 0002 [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 000070 net_io_id_info2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0070 
ptr_id_info2: 00000001 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000074 smb_io_unihdr unihdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0074 uni_str_len: 0004 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0076 uni_max_len: 0004 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 buffer : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c param_ctrl: 00000000 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_logon_id [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0080 low : 0000dead [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0084 high: 0000beef [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr unihdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0088 uni_str_len: 001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 008a uni_max_len: 001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 008c buffer : 00000001 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000090 smb_io_unihdr unihdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0090 uni_str_len: 0022 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0092 uni_max_len: 0022 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0094 buffer : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0098 lm_chal: cb 0f b6 8c 74 d7 c0 57 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 smb_io_strhdr hdr_nt_chal_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00a0 str_str_len: 0018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00a2 str_max_len: 0018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a4 buffer : 00000001 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a8 smb_io_strhdr hdr_lm_chal_resp [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_uint16(606) 00a8 str_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00aa str_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00ac buffer : 00000000 [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000b0 smb_io_unistr2 uni_domain_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00b0 uni_max_len: 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00b4 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00b8 uni_str_len: 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 00bc buffer : f.r. [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000c0 smb_io_unistr2 uni_user_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c0 uni_max_len: 0000000f [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c4 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c8 uni_str_len: 0000000f [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 00cc buffer : w.i.s.s.e.n.s.c.h.a.f.t.l.f.r. [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000ea smb_io_unistr2 uni_wksta_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00ec uni_max_len: 00000011 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00f0 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00f4 uni_str_len: 00000011 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 00f8 buffer : \.\.W.4.-.1.0.2.A.2.A.H.6.-.M.O.B. 
[2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 00011a smb_io_string2 nt_chal_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 011c str_max_len: 00000018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0120 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0124 str_str_len: 00000018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_string2(961) 0128 buffer : ðóÞuÁ~.1..vNÌ´$.J...¼.F. [2004/10/05 13:40:24, 9] rpc_parse/parse_prs.c:prs_debug(82) 000140 smb_io_string2 - NULL lm_chal_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0140 validation_level: 0003 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000148 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0148 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0149 auth_level : 06 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 014a padding : 06 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 014b reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 014c auth_context : 00000001 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=0 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=0 data_len=328 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000150 smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0150 sig : 77 00 7a 00 ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0158 seq_num: 39 59 31 f2 7a 00 04 4d [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0160 packet_digest: 05 5f 61 77 5d ff d1 95 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0168 confounder: 57 6f 49 0c 62 4d b3 21 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0x2 data_len: 
0x188 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: 188 auth_len: 20 alloc_hint: 150 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0188 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000150 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0002 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:8004 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=474 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 392 (0x188) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 
(0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 392 (0x188) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32772 (0x8004) smb_bcc=407 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 26 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] C9 EB 5D 8C 9B E6 2F 24 Éë]..æ/$ [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 27 mid = 15 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(20,478) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(20,478) wrote 478 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 27 mid = 15 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 504 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=504 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 448 (0x1C0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 448 (0x1C0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=449
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 27 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 27: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] C8 E2 88 D5 69 7E C9 56 Èâ.Õi~ÉV [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=504 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6145 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 448 (0x1C0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 448 (0x1C0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=449
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 448 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 01c0 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000174 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 448 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 448 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes [2004/10/05
13:40:24, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 06 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 0c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 7a 00 ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: 4a 14 30 03 b9 06 c9 f1 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: 0f 44 16 30 75 de 2b a9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 32 79 01 59 f0 19 9f f6 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=1 data_len=384 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=1 data_len=384 [2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_sam_logon [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer_creds: 00020000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_cred [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_chal [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001c data: 85 d3 64 37 fa a6 f8 4e [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_utime [2004/10/05 13:40:24, 
5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 time: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 switch_value: 0003 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c net_io_user_info3 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c ptr_user_info : 00020004 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time logon time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 high: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_time logoff time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 low : ffffffff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c high: 7fffffff [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_time kickoff time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 low : 58420000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 high: 040d0a1d [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_time last set time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c high: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_time can change time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 high: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_time must change time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 low : ffffffff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c high: 7fffffff [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_user_name [2004/10/05 
13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0060 uni_str_len: 001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0062 uni_max_len: 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 buffer : 00020008 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unihdr hdr_full_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0068 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 006a uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_unihdr hdr_logon_script [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0070 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0072 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_unihdr hdr_profile_path [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0078 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 007a uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr hdr_home_dir [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0080 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0082 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0084 buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr hdr_dir_drive [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0088 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 008a uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 
008c buffer : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0090 logon_count : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0092 bad_pw_count : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0094 user_rid : 000004d0 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0098 group_rid : 00000201 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 009c num_groups : 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a0 buffer_groups : 0002000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a4 user_flgs : 00000120 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 00a8 user_sess_key: 09 83 43 db d6 18 fd c5 be 7b 36 2d ae 85 db ef [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000b8 smb_io_unihdr hdr_logon_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00b8 uni_str_len: 0010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00ba uni_max_len: 0012 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00bc buffer : 00020010 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000c0 smb_io_unihdr hdr_logon_dom [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00c0 uni_str_len: 0004 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 00c2 uni_max_len: 0006 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c4 buffer : 00020014 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c8 buffer_dom_id : 00020018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 00cc padding : 44 00 d9 e7 1b 2b 6c 8c 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00f4 num_other_sids: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00f8 buffer_other_sids: 00000000 [2004/10/05 13:40:24, 7] 
rpc_parse/parse_prs.c:prs_debug(82) 0000fc smb_io_unistr2 uni_user_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00fc uni_max_len: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0100 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0104 uni_str_len: 0000000f [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0108 buffer : w.i.s.s.e.n.s.c.h.a.f.t.l.f.r. [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000126 smb_io_unistr2 - NULL uni_full_name [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000126 smb_io_unistr2 - NULL uni_logon_script [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000126 smb_io_unistr2 - NULL uni_profile_path [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000126 smb_io_unistr2 - NULL uni_home_dir [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000126 smb_io_unistr2 - NULL uni_dir_drive [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0128 num_groups2 : 00000002 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00012c smb_io_gid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 012c g_rid: 00000201 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0130 attr : 00000007 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000134 smb_io_gid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0134 g_rid: 00000458 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0138 attr : 00000007 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00013c smb_io_unistr2 uni_logon_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 013c uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0140 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0144 uni_str_len: 00000008 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0148 
buffer : F.R.M.P.D.C.0.1. [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000158 smb_io_unistr2 uni_logon_dom [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0158 uni_max_len: 00000003 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 015c offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0160 uni_str_len: 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0164 buffer : F.R. [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000168 smb_io_dom_sid2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0168 num_auths: 00000004 [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 00016c smb_io_dom_sid sid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 016c sid_rev_num: 01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 016d num_auths : 04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 016e id_auth[0] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 016f id_auth[1] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0170 id_auth[2] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0171 id_auth[3] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0172 id_auth[4] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0173 id_auth[5] : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0174 sub_auths : 00000015 88b0877b 3195d7b6 35300478 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0184 auth_resp : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0188 status : NT_STATUS_OK [2004/10/05 13:40:24, 5] libsmb/credentials.c:clnt_deal_with_creds(148) clnt_deal_with_creds: 148 [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(92) sess_key : D234D7ED851A1A47 [2004/10/05 13:40:24, 5] 
libsmb/credentials.c:cred_create(93) stor_cred: 12E947B43BFBF6CD [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(94) timestamp: 41628829 [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(95) timecred : 3B71AAF53BFBF6CD [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_create(96) calc_cred: 85D36437FAA6F84E [2004/10/05 13:40:24, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(123) challenge : 85D36437FAA6F84E [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(124) calculated: 85D36437FAA6F84E [2004/10/05 13:40:24, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/10/05 13:40:24, 5] libsmb/credentials.c:clnt_deal_with_creds(167) new clnt cred: 3B71AAF53BFBF6CD [2004/10/05 13:40:24, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(133) netsamlogon_cache_store: SID [S-1-5-21-2293270395-831903670-892339320-1232] [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 timestamp: 41628828 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000004 net_io_user_info3 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 ptr_user_info : 00020004 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_time logon time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c high: 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_time logoff time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 low : ffffffff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 high: 7fffffff [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_time kickoff time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 low : 58420000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c high: 040d0a1d [2004/10/05 13:40:24, 6] 
rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_time last set time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 high: 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_time can change time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c high: 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time must change time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 low : ffffffff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 high: 7fffffff [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unihdr hdr_user_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 uni_str_len: 001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a uni_max_len: 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c buffer : 00020008 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_unihdr hdr_full_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0040 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0042 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 buffer : 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unihdr hdr_logon_script [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0048 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 004a uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c buffer : 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unihdr hdr_profile_path [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0050 
uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0052 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 buffer : 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_unihdr hdr_home_dir [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0058 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 005a uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c buffer : 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_dir_drive [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0060 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0062 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 buffer : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0068 logon_count : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 006a bad_pw_count : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c user_rid : 000004d0 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0070 group_rid : 00000201 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 num_groups : 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 buffer_groups : 0002000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c user_flgs : 00000120 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0080 user_sess_key: 4d 83 9a 3c cd 33 91 49 91 73 5d 34 c6 51 fa fc [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000090 smb_io_unihdr hdr_logon_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0090 uni_str_len: 0010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0092 uni_max_len: 0012 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0094 buffer : 
00020010 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_unihdr hdr_logon_dom [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0098 uni_str_len: 0004 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 009a uni_max_len: 0006 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 009c buffer : 00020014 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a0 buffer_dom_id : 00020018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 00a4 padding : 00 00 00 00 00 00 00 00 3f 0a 6b 19 68 d4 21 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00cc num_other_sids: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00d0 buffer_other_sids: 00000000 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000d4 smb_io_unistr2 uni_user_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00d4 uni_max_len: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00d8 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00dc uni_str_len: 0000000f [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 00e0 buffer : w.i.s.s.e.n.s.c.h.a.f.t.l.f.r. 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fe smb_io_unistr2 - NULL uni_full_name [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fe smb_io_unistr2 - NULL uni_logon_script [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fe smb_io_unistr2 - NULL uni_profile_path [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fe smb_io_unistr2 - NULL uni_home_dir [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fe smb_io_unistr2 - NULL uni_dir_drive [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0100 num_groups2 : 00000002 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000104 smb_io_gid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0104 g_rid: 00000201 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0108 attr : 00000007 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00010c smb_io_gid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 010c g_rid: 00000458 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0110 attr : 00000007 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000114 smb_io_unistr2 uni_logon_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0114 uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0118 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 011c uni_str_len: 00000008 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0120 buffer : F.R.M.P.D.C.0.1. 
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000130 smb_io_unistr2 uni_logon_dom [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0130 uni_max_len: 00000003 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0134 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0138 uni_str_len: 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 013c buffer : F.R. [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000140 smb_io_dom_sid2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0140 num_auths: 00000004 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000144 smb_io_dom_sid sid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0144 sid_rev_num: 01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0145 num_auths : 04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0146 id_auth[0] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0147 id_auth[1] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0148 id_auth[2] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0149 id_auth[3] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 014a id_auth[4] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 014b id_auth[5] : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 014c sub_auths : 00000015 88b0877b 3195d7b6 35300478 [2004/10/05 13:40:24, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(86) netsamlogon_clear_cached_user: clearing U/FR/1232 [2004/10/05 13:40:24, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(97) netsamlogon_clear_cached_user: clearing UG/FR/1232 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_user_info3 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr_user_info : 00020004 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 
000004 smb_io_time logon time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 high: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00000c smb_io_time logoff time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c low : ffffffff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 high: 7fffffff [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_time kickoff time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 low : 58420000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 high: 040d0a1d [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_time last set time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 high: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_time can change time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 low : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 high: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_time must change time [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c low : ffffffff [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 high: 7fffffff [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_unihdr hdr_user_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 uni_str_len: 001e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 uni_max_len: 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 buffer : 00020008 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00003c smb_io_unihdr hdr_full_name [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_uint16(606) 003c uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003e uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_unihdr hdr_logon_script [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0044 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0046 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_unihdr hdr_profile_path [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 004c uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 004e uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000054 smb_io_unihdr hdr_home_dir [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0054 uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0056 uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 buffer : 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00005c smb_io_unihdr hdr_dir_drive [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 005c uni_str_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 005e uni_max_len: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0060 buffer : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0064 logon_count : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0066 bad_pw_count : 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 user_rid : 000004d0 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c group_rid : 
00000201 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0070 num_groups : 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 buffer_groups : 0002000c [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 user_flgs : 00000120 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 007c user_sess_key: 4d 83 9a 3c cd 33 91 49 91 73 5d 34 c6 51 fa fc [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00008c smb_io_unihdr hdr_logon_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 008c uni_str_len: 0010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 008e uni_max_len: 0012 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0090 buffer : 00020010 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000094 smb_io_unihdr hdr_logon_dom [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0094 uni_str_len: 0004 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0096 uni_max_len: 0006 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0098 buffer : 00020014 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 009c buffer_dom_id : 00020018 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 00a0 padding : 00 00 00 00 00 00 00 00 3f 0a 6b 19 68 d4 21 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c8 num_other_sids: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00cc buffer_other_sids: 00000000 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000d0 smb_io_unistr2 uni_user_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00d0 uni_max_len: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00d4 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00d8 uni_str_len: 0000000f [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:dbg_rw_punival(807) 00dc buffer : w.i.s.s.e.n.s.c.h.a.f.t.l.f.r. [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_unistr2 - NULL uni_full_name [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_unistr2 - NULL uni_logon_script [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_unistr2 - NULL uni_profile_path [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_unistr2 - NULL uni_home_dir [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_unistr2 - NULL uni_dir_drive [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00fc num_groups2 : 00000002 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000100 smb_io_gid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0100 g_rid: 00000201 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0104 attr : 00000007 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000108 smb_io_gid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0108 g_rid: 00000458 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 010c attr : 00000007 [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000110 smb_io_unistr2 uni_logon_srv [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0110 uni_max_len: 00000009 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0114 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0118 uni_str_len: 00000008 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 011c buffer : F.R.M.P.D.C.0.1. 
[2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00012c smb_io_unistr2 uni_logon_dom [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 012c uni_max_len: 00000003 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0130 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0134 uni_str_len: 00000002 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0138 buffer : F.R. [2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00013c smb_io_dom_sid2 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 013c num_auths: 00000004 [2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 000140 smb_io_dom_sid sid [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0140 sid_rev_num: 01 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0141 num_auths : 04 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0142 id_auth[0] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0143 id_auth[1] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0144 id_auth[2] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0145 id_auth[3] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0146 id_auth[4] : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0147 id_auth[5] : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0148 sub_auths : 00000015 88b0877b 3195d7b6 35300478 [2004/10/05 13:40:24, 5] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(612) NTLM CRAP authentication for user [fr]\[wissenschaftlfr] returned NT_STATUS_OK (PAM: 0) [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:client_write(568) client_write: need to write 512 extra data bytes. [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 512 bytes. 
[2004/10/05 13:40:24, 10] nsswitch/winbindd.c:client_write(557) client_write: client_write: complete response written. [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn GID_TO_SID [2004/10/05 13:40:24, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374) [24277]: gid to sid 40012 [2004/10/05 13:40:24, 10] sam/idmap_util.c:idmap_gid_to_sid(126) idmap_gid_to_sid: gid = [40012] [2004/10/05 13:40:24, 10] sam/idmap_tdb.c:db_get_sid_from_id(283) db_get_sid_from_id: id_type_in = 0x2 [2004/10/05 13:40:24, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 40012 [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes. [2004/10/05 13:40:24, 10] nsswitch/winbindd.c:winbind_client_read(469) client_read: read 1824 bytes. Need 0 more for a full request. 
[2004/10/05 13:40:24, 10] nsswitch/winbindd.c:process_request(319) process_request: request fn LOOKUPNAME [2004/10/05 13:40:24, 3] nsswitch/winbindd_sid.c:winbindd_lookupname(96) [24277]: lookupname FR\administrator [2004/10/05 13:40:24, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(355) refresh_sequence_number: FR time ok [2004/10/05 13:40:24, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386) refresh_sequence_number: FR seq number is now 836088 [2004/10/05 13:40:24, 10] nsswitch/winbindd_cache.c:name_to_sid(982) name_to_sid: [Cached] - doing backend query for name for domain FR [2004/10/05 13:40:24, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(291) rpc: name_to_sid name=administrator [2004/10/05 13:40:24, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(300) name_to_sid [rpc] administrator for domain FR [2004/10/05 13:40:24, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1062) init_q_lookup_names [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_lookup_names [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: bcfe8830 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: f41e [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 48a9 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 9e 87 22 42 c3 5b 37 2a [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 num_entries : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_entries2 : 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unihdr hdr_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c uni_str_len: 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e uni_max_len: 0020 [2004/10/05 13:40:24, 5] 
rpc_parse/parse_prs.c:prs_uint32(635) 0020 buffer : 00000001 [2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unistr2 dom_name [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_max_len: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 offset : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_str_len: 00000010 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0030 buffer : F.R.\.a.d.m.i.n.i.s.t.r.a.t.o.r. [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 num_trans_entries : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 ptr_trans_sids : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 lookup_level : 00000001 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c mapped_count : 00000000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_rpc_hdr_auth hdr_auth [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0060 auth_type : 44 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0061 auth_level : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0062 padding : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0063 reserved : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 auth_context : 00000001 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1034) SCHANNEL seq_num=6 [2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_encode(1465) SCHANNEL: netsec_encode seq_num=6 data_len=96 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_rpc_auth_netsec_chk [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0068 sig : 77 00 ff ff ff ff 00 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0070 seq_num: 17 0c 65 1a de 5b 2c 08 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0078 
packet_digest: 11 c3 03 af dd 75 c0 bf [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0080 confounder: 91 5a 22 44 9b 93 40 88 [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xe data_len: 0xa0 [2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:create_rpc_request(869) create_rpc_request: data_len: a0 auth_len: 20 alloc_hint: 68 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00a0 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001f [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000068 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000e [2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:400e [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=242 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 
smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 160 (0xA0) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=175 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 A0 00 20 00 1F 00 00 00 68 .......  . .....h [020] 00 00 00 00 00 0E 00 00 00 00 00 30 88 FE BC 1E ........ ...0.þ¼. [030] F4 A9 48 9E 87 22 42 C3 5B 37 2A 01 00 00 00 01 ô©H.."Bà [7*..... [040] 00 00 00 20 00 20 00 01 00 00 00 10 00 00 00 00 ... . .. ........ [050] 00 00 00 10 00 00 00 46 00 52 00 5C 00 61 00 64 .......F .R.\.a.d [060] 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 .m.i.n.i .s.t.r.a [070] 00 74 00 6F 00 72 00 00 00 00 00 00 00 00 00 01 .t.o.r.. ........ [080] 00 00 00 00 00 00 00 44 05 00 00 01 00 00 00 77 .......D .......w [090] 00 FF FF FF FF 00 00 17 0C 65 1A DE 5B 2C 08 11 .ÿÿÿÿ... .e.Þ[,.. [0A0] C3 03 AF DD 75 C0 BF 91 5A 22 44 9B 93 40 88 Ã.¯ÝuÀ¿. Z"D..@. 
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 22 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) client_sign_outgoing_message: sent SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] EB 33 E1 70 DC 5A 22 2D ë3ápÜZ"- [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 23 mid = 13 [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(449) write_socket(18,246) [2004/10/05 13:40:24, 6] lib/util_sock.c:write_socket(452) write_socket(18,246) wrote 246 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 23 mid = 13 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_start(524) cli_signing_trans_start: storing mid = 13, reply_seq_num = 23, send_seq_num = 22 data->send_seq_num = 24 [2004/10/05 13:40:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 232 [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] A0 05 00 02 03 10 00 00 00 B0 00 20 00 1F 00 00  ....... .°. .... [010] 00 6C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .l...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 04 00 06 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 03 00 00 00 00 00 00 ........ ........ [040] 00 02 00 00 00 46 00 52 00 04 00 00 00 01 04 00 .....F.R ........ [050] 00 00 00 00 05 15 00 00 00 7B 87 B0 88 B6 D7 95 ........ 
.{.°.¶×. [060] 31 78 04 30 35 01 00 00 00 10 00 02 00 01 00 00 1x.05... ........ [070] 00 01 00 62 41 F4 01 00 00 00 00 00 00 01 00 00 ...bAô.. ........ [080] 00 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 ........ .D...... [090] 00 77 00 FF FF FF FF 00 00 D1 F9 47 AB 13 69 12 .w.ÿÿÿÿ. .ÑùG«.i. [0A0] B7 3C E8 43 21 C6 2F 41 2D 00 00 00 00 00 00 00 ·<èC!Æ/A -....... [0B0] 00 . [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:simple_packet_signature(266) simple_packet_signature: sequence number 23 [2004/10/05 13:40:24, 10] libsmb/smb_signing.c:client_check_incoming_message(403) client_check_incoming_message: seq 23: got good SMB signature of [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] 2C 84 D9 24 C6 7A 23 FE ,.Ù$Æz#þ [2004/10/05 13:40:24, 5] lib/util.c:show_msg(439) [2004/10/05 13:40:24, 5] lib/util.c:show_msg(449) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2055 smb_pid=24256 smb_uid=6144 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2004/10/05 13:40:24, 10] lib/util.c:dump_data(1835) [000] A0 05 00 02 03 10 00 00 00 B0 00 20 00 1F 00 00  ....... .°. .... [010] 00 6C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .l...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 04 00 06 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 03 00 00 00 00 00 00 ........ ........ [040] 00 02 00 00 00 46 00 52 00 04 00 00 00 01 04 00 .....F.R ........ [050] 00 00 00 00 05 15 00 00 00 7B 87 B0 88 B6 D7 95 ........ .{.°.¶×. [060] 31 78 04 30 35 01 00 00 00 10 00 02 00 01 00 00 1x.05... ........ [070] 00 01 00 62 41 F4 01 00 00 00 00 00 00 01 00 00 ...bAô.. ........ [080] 00 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 ........ .D...... [090] 00 77 00 FF FF FF FF 00 00 D1 F9 47 AB 13 69 12 .w.ÿÿÿÿ. .ÑùG«.i. 
[0A0] B7 3C E8 43 21 C6 2F 41 2D 00 00 00 00 00 00 00 ·<èC!Æ/A -.......
[0B0] 00 .
[2004/10/05 13:40:24, 10] libsmb/smb_signing.c:cli_signing_trans_stop(543) cli_signing_trans_stop: freeing mid = 13, reply_seq_num = 23, send_seq_num = 22 data->send_seq_num = 24
[2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 176
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00b0
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000001f
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000006c
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00
[2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(494) rpc_api_pipe: len left: 0 smbtrans read: 176
[2004/10/05 13:40:24, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 176 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No
[2004/10/05 13:40:24, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet:
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 04
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0008 sig : 77 00 ff ff ff ff 00 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0010 seq_num: d1 f9 47 ab 13 69 12 b7
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 packet_digest: 3c e8 43 21 c6 2f 41 2d
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0020 confounder: 00 00 00 00 00 00 00 00
[2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1542) SCHANNEL: netsec_encode seq_num=7 data_len=112
[2004/10/05 13:40:24, 10] rpc_parse/parse_prs.c:netsec_decode(1562) SCHANNEL: netsec_decode seq_num=7 data_len=112
[2004/10/05 13:40:24, 6] rpc_client/cli_pipe.c:rpc_api_pipe(536) rpc_api_pipe: fragment first and last both set
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_lookup_names
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_dom_ref: 00020000
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c lsa_io_dom_r_ref
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c num_ref_doms_1: 00000001
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 ptr_ref_dom : 00020004
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 max_entries : 00000020
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 num_ref_doms_2: 00000001
[2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unihdr dom_ref[0]
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c uni_str_len: 0004
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e uni_max_len: 0006
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 buffer : 00020008
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 sid_ptr[0] : 0002000c
[2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unistr2 dom_ref[0]
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_max_len: 00000003
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c offset : 00000000
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 uni_str_len: 00000002
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0044 buffer : F.R.
[2004/10/05 13:40:24, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_dom_sid2 sid_ptr[0]
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 num_auths: 00000004
[2004/10/05 13:40:24, 8] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_dom_sid sid
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004c sid_rev_num: 01
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004d num_auths : 04
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004e id_auth[0] : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004f id_auth[1] : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0050 id_auth[2] : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0051 id_auth[3] : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0052 id_auth[4] : 00
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0053 id_auth[5] : 05
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0054 sub_auths : 00000015 88b0877b 3195d7b6 35300478
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 num_entries: 00000001
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 ptr_entries: 00020010
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c num_entries2: 00000001
[2004/10/05 13:40:24, 6] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_dom_rid2
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0070 type : 01
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 rid : 000001f4
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 rid_idx: 00000000
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c mapped_count: 00000001
[2004/10/05 13:40:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0080 status : NT_STATUS_OK
[2004/10/05 13:40:24, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(622) wcache_save_name_to_sid: ADMINISTRATOR ->
[2004/10/05 13:40:24, 10] nsswitch/winbindd.c:client_write(523) client_write: wrote 1300 bytes.