[2011/10/11 16:43:33.780072, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.782541, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x5897, type= 0x3, gen_id = 579, uid = 0, flags = 0, file_id 801:10ca4f:0, name_hash = 0xe6b4a924 [2011/10/11 16:43:33.782606, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe6b4a924 [2011/10/11 16:43:33.782657, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004FCA [2011/10/11 16:43:33.782718, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/formhistory.dat = 0 [2011/10/11 16:43:33.782766, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/formhistory.dat [2011/10/11 16:43:33.782817, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/formhistory.dat (numopen=206) NT_STATUS_OK [2011/10/11 16:43:33.782865, 5] smbd/files.c:464(file_free) freed files structure 18018 (317 used) [2011/10/11 16:43:33.782912, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.782937, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53064 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.783152, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.783438, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.783491, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 
0x29 [2011/10/11 16:43:33.783534, 3] smbd/process.c:1661(process_smb) Transaction 7810 of length 45 (0 toread) [2011/10/11 16:43:33.783575, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.783600, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53128 smt_wct=3 smb_vwv[ 0]=18019 (0x4663) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.783861, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.783890, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.783936, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.783980, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.784429, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.784581, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.784665, 3] 
smbd/reply.c:4850(reply_close) close fd=73 fnum=18019 (numopen=206) [2011/10/11 16:43:33.784710, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.784776, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json, file_id = 801:2111e1:0 gen_id = 580 has kernel oplock state of 1. [2011/10/11 16:43:33.784842, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E111 [2011/10/11 16:43:33.784893, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.784936, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:36:28 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.785002, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x58e6, type= 0x3, gen_id = 580, uid = 0, flags = 0, file_id 801:2111e1:0, name_hash = 0x89f42e08 [2011/10/11 16:43:33.785052, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x89f42e08 [2011/10/11 16:43:33.785098, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E111 [2011/10/11 16:43:33.785153, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json = 0 [2011/10/11 16:43:33.785199, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json [2011/10/11 16:43:33.785248, 2] smbd/close.c:691(close_normal_file) ando 
closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json (numopen=205) NT_STATUS_OK [2011/10/11 16:43:33.785294, 5] smbd/files.c:464(file_free) freed files structure 18019 (316 used) [2011/10/11 16:43:33.785342, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.785367, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53128 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.785607, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.785851, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.785901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.785942, 3] smbd/process.c:1661(process_smb) Transaction 7811 of length 45 (0 toread) [2011/10/11 16:43:33.785984, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.786009, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53192 smt_wct=3 smb_vwv[ 0]=18020 (0x4664) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.786270, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.786298, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.786343, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.786387, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.786853, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.786983, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.787045, 3] smbd/reply.c:4850(reply_close) close fd=74 fnum=18020 (numopen=205) [2011/10/11 16:43:33.787088, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.787148, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html, file_id = 801:2111e0:0 gen_id = 581 has kernel oplock state of 1. 
[2011/10/11 16:43:33.787210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E011 [2011/10/11 16:43:33.787259, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.787300, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.787365, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x5903, type= 0x3, gen_id = 581, uid = 0, flags = 0, file_id 801:2111e0:0, name_hash = 0xbb9dbf02 [2011/10/11 16:43:33.787414, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbb9dbf02 [2011/10/11 16:43:33.787459, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E011 [2011/10/11 16:43:33.787514, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html = 0 [2011/10/11 16:43:33.787560, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html [2011/10/11 16:43:33.787608, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html (numopen=204) NT_STATUS_OK [2011/10/11 16:43:33.787654, 5] smbd/files.c:464(file_free) freed files structure 18020 (315 used) [2011/10/11 16:43:33.787701, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.787727, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=53192 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.787940, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.788188, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.788237, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.788279, 3] smbd/process.c:1661(process_smb) Transaction 7812 of length 45 (0 toread) [2011/10/11 16:43:33.788321, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.788361, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53256 smt_wct=3 smb_vwv[ 0]=18021 (0x4665) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.788624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.788650, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.788695, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.788738, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.789184, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.789314, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.789372, 3] smbd/reply.c:4850(reply_close) close fd=75 fnum=18021 (numopen=204) [2011/10/11 16:43:33.789438, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.789498, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html, file_id = 801:2111df:0 gen_id = 582 has kernel oplock state of 1. [2011/10/11 16:43:33.789558, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000DF11 [2011/10/11 16:43:33.789606, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.789648, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.789712, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x5b04, type= 0x3, gen_id = 582, uid = 0, flags = 0, file_id 801:2111df:0, name_hash = 0x277d017a [2011/10/11 16:43:33.789763, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x277d017a [2011/10/11 16:43:33.789812, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000DF11 [2011/10/11 16:43:33.789866, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html = 0 [2011/10/11 16:43:33.789912, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html [2011/10/11 16:43:33.789960, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html (numopen=203) NT_STATUS_OK [2011/10/11 16:43:33.790020, 5] smbd/files.c:464(file_free) freed files structure 18021 (314 used) [2011/10/11 16:43:33.790067, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.790092, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53256 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.790308, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.790550, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.790600, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.790643, 3] smbd/process.c:1661(process_smb) Transaction 7813 of length 45 (0 toread) [2011/10/11 16:43:33.790685, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.790710, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53320 smt_wct=3 smb_vwv[ 0]=18022 (0x4666) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.790974, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.791001, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.791046, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.791089, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.791539, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.791670, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.791732, 3] smbd/reply.c:4850(reply_close) close fd=76 fnum=18022 (numopen=203) [2011/10/11 16:43:33.791775, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.791835, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html, file_id = 801:2111de:0 gen_id = 583 has kernel oplock state of 1. 
[2011/10/11 16:43:33.791895, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000DE11 [2011/10/11 16:43:33.791944, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.791986, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.792050, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x679d, type= 0x3, gen_id = 583, uid = 0, flags = 0, file_id 801:2111de:0, name_hash = 0x4d36e2a7 [2011/10/11 16:43:33.792117, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4d36e2a7 [2011/10/11 16:43:33.792163, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000DE11 [2011/10/11 16:43:33.792218, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html = 0 [2011/10/11 16:43:33.792264, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html [2011/10/11 16:43:33.792311, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html (numopen=202) NT_STATUS_OK [2011/10/11 16:43:33.792357, 5] smbd/files.c:464(file_free) freed files structure 18022 (313 used) [2011/10/11 16:43:33.792404, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.792429, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=53320 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.792644, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.792894, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.792944, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.792986, 3] smbd/process.c:1661(process_smb) Transaction 7814 of length 45 (0 toread) [2011/10/11 16:43:33.793028, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.793053, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53384 smt_wct=3 smb_vwv[ 0]=18023 (0x4667) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.793315, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.793341, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.793408, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.793453, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.793903, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.794033, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.794092, 3] smbd/reply.c:4850(reply_close) close fd=77 fnum=18023 (numopen=202) [2011/10/11 16:43:33.794136, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.794213, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html, file_id = 801:2111b6:0 gen_id = 584 has kernel oplock state of 1. [2011/10/11 16:43:33.794274, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B611 [2011/10/11 16:43:33.794322, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.794364, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.794429, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x67d9, type= 0x3, gen_id = 584, uid = 0, flags = 0, file_id 801:2111b6:0, name_hash = 0x4ac36d89 [2011/10/11 16:43:33.794479, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4ac36d89 [2011/10/11 16:43:33.794524, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B611 [2011/10/11 16:43:33.794578, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html = 0 [2011/10/11 16:43:33.794625, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html [2011/10/11 16:43:33.794672, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html (numopen=201) NT_STATUS_OK [2011/10/11 16:43:33.794718, 5] smbd/files.c:464(file_free) freed files structure 18023 (312 used) [2011/10/11 16:43:33.794766, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.794791, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53384 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.795006, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.795218, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.795270, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.795312, 3] smbd/process.c:1661(process_smb) Transaction 7815 of length 45 (0 toread) [2011/10/11 16:43:33.795354, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.795379, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53448 smt_wct=3 smb_vwv[ 0]=18024 (0x4668) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.795641, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.795669, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.795714, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.795758, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.796223, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.796354, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.796414, 3] smbd/reply.c:4850(reply_close) close fd=78 fnum=18024 (numopen=201) [2011/10/11 16:43:33.796456, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.796516, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini, file_id = 801:105b67:0 gen_id = 585 has kernel oplock state of 1. 
[2011/10/11 16:43:33.796576, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000675B [2011/10/11 16:43:33.796624, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.796666, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.796730, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6827, type= 0x3, gen_id = 585, uid = 0, flags = 0, file_id 801:105b67:0, name_hash = 0x734a97d6 [2011/10/11 16:43:33.796780, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x734a97d6 [2011/10/11 16:43:33.796825, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000675B [2011/10/11 16:43:33.796880, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini = 0 [2011/10/11 16:43:33.796925, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini [2011/10/11 16:43:33.796972, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini (numopen=200) NT_STATUS_OK [2011/10/11 16:43:33.797017, 5] smbd/files.c:464(file_free) freed files structure 18024 (311 used) [2011/10/11 16:43:33.797064, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.797089, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53448 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.797303, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.797555, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.797607, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.797650, 3] smbd/process.c:1661(process_smb) Transaction 7816 of length 45 (0 toread) [2011/10/11 16:43:33.797691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.797716, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53512 smt_wct=3 smb_vwv[ 0]=18025 (0x4669) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.797978, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.798005, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.798071, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.798115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.798561, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:33.798690, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.798753, 3] smbd/reply.c:4850(reply_close) close fd=79 fnum=18025 (numopen=200) [2011/10/11 16:43:33.798797, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.798857, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat, file_id = 801:ec78a:0 gen_id = 586 has kernel oplock state of 1. [2011/10/11 16:43:33.798918, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008AC7 [2011/10/11 16:43:33.798967, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.799009, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.799073, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6857, type= 0x3, gen_id = 586, uid = 0, flags = 0, file_id 801:ec78a:0, name_hash = 0x9262f61f [2011/10/11 16:43:33.799124, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9262f61f [2011/10/11 16:43:33.799170, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008AC7 [2011/10/11 16:43:33.799225, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat = 0 [2011/10/11 16:43:33.799270, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat [2011/10/11 16:43:33.799318, 2] smbd/close.c:691(close_normal_file) ando 
closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat (numopen=199) NT_STATUS_OK [2011/10/11 16:43:33.799364, 5] smbd/files.c:464(file_free) freed files structure 18025 (310 used) [2011/10/11 16:43:33.799411, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.799437, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53512 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.799653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.800056, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 112 [2011/10/11 16:43:33.800121, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x70 [2011/10/11 16:43:33.800164, 3] smbd/process.c:1661(process_smb) Transaction 7817 of length 116 (0 toread) [2011/10/11 16:43:33.800206, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.800231, 5] lib/util.c:341(show_msg) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53576 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [2011/10/11 16:43:33.800683, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 24 00 52 00 45 00 43 00 59 00 43 .o.\.$.R .E.C.Y.C [0020] 00 4C 00 45 00 2E 00 42 00 49 00 4E 00 00 00 .L.E...B .I.N... 
[2011/10/11 16:43:33.800813, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0c829c0 [2011/10/11 16:43:33.800858, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.800901, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.801367, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.801518, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.801562, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop [2011/10/11 16:43:33.801613, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:33.801661, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/$RECYCLE.BIN" [2011/10/11 16:43:33.801708, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/$RECYCLE.BIN] -> [ando/$RECYCLE.BIN] [2011/10/11 16:43:33.801757, 5] 
smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/$RECYCLE.BIN, dirpath = , start = ando/$RECYCLE.BIN [2011/10/11 16:43:33.801806, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/$RECYCLE.BIN, dirpath = ando, start = $RECYCLE.BIN [2011/10/11 16:43:33.801847, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.801889, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.801933, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.801973, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.802086, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.802132, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.802173, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.802218, 3] smbd/trans2.c:5227(call_trans2qfilepathinfo) call_trans2qfilepathinfo: SMB_VFS_STAT of ando/$RECYCLE.BIN failed (No such file or directory) [2011/10/11 16:43:33.802272, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(5229) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:33.802317, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.802342, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53576 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.802556, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.802631, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.802680, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.802722, 3] smbd/process.c:1661(process_smb) Transaction 7818 of length 45 (0 toread) 
[2011/10/11 16:43:33.802763, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.802788, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53636 smt_wct=3 smb_vwv[ 0]=18026 (0x466A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.803080, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.803107, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.803153, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.803197, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.803644, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.803774, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.803818, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.803874, 3] 
smbd/reply.c:4850(reply_close) close fd=80 fnum=18026 (numopen=199) [2011/10/11 16:43:33.803917, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.803981, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db, file_id = 801:1f51cc:0 gen_id = 587 has kernel oplock state of 1. [2011/10/11 16:43:33.804044, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CC51 [2011/10/11 16:43:33.804095, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.804156, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.804222, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x68a6, type= 0x3, gen_id = 587, uid = 0, flags = 0, file_id 801:1f51cc:0, name_hash = 0x54e7b123 [2011/10/11 16:43:33.804274, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x54e7b123 [2011/10/11 16:43:33.804320, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CC51 [2011/10/11 16:43:33.804375, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db = 0 [2011/10/11 16:43:33.804421, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db [2011/10/11 16:43:33.804469, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application 
Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db (numopen=198) NT_STATUS_OK [2011/10/11 16:43:33.804515, 5] smbd/files.c:464(file_free) freed files structure 18026 (309 used) [2011/10/11 16:43:33.804562, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.804588, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53636 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.804802, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.804876, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 122 [2011/10/11 16:43:33.804924, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x7a [2011/10/11 16:43:33.804966, 3] smbd/process.c:1661(process_smb) Transaction 7819 of length 126 (0 toread) [2011/10/11 16:43:33.805034, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.805061, 5] lib/util.c:341(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53704 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=39 [2011/10/11 16:43:33.805681, 10] ../lib/util/util.c:415(dump_data) [0000] DB 5C 00 61 00 6E 00 64 00 6F 00 5C 00 24 00 52 .\.a.n.d .o.\.$.R [0010] 00 45 00 43 00 59 00 43 00 4C 00 45 00 2E 00 42 .E.C.Y.C .L.E...B [0020] 00 49 00 4E 00 00 00 .I.N... 
[2011/10/11 16:43:33.805804, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0c829c0 [2011/10/11 16:43:33.805849, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.805892, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.806360, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.806489, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.806533, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop [2011/10/11 16:43:33.806583, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 root_dir_fid = 0x0, fname = ando/$RECYCLE.BIN [2011/10/11 16:43:33.806629, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/$RECYCLE.BIN" [2011/10/11 16:43:33.806673, 10] 
smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/$RECYCLE.BIN] [2011/10/11 16:43:33.806716, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:33.806762, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/$RECYCLE.BIN, dirpath = ando, start = $RECYCLE.BIN [2011/10/11 16:43:33.806809, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/$RECYCLE.BIN, dirpath = ando, start = $RECYCLE.BIN [2011/10/11 16:43:33.806851, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.806892, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.806936, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.806976, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.807065, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.807109, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? 
[2011/10/11 16:43:33.807150, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.807193, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/$RECYCLE.BIN [2011/10/11 16:43:33.807243, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/$RECYCLE.BIN [2011/10/11 16:43:33.807290, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/$RECYCLE.BIN, access_mask = 0x100001, share_access = 0x3 create_options = 0x200001, create_disposition = 0x2, file_attributes = 0x90 [2011/10/11 16:43:33.807337, 5] smbd/open.c:2613(mkdir_internal) mkdir_internal: failing create on read-only share desktop7 [2011/10/11 16:43:33.807380, 2] smbd/open.c:2807(open_directory) open_directory: unable to create ando/$RECYCLE.BIN. 
Error was NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807423, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807480, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807524, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807567, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.807591, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53704 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.807803, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.807879, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.807926, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.807968, 3] smbd/process.c:1661(process_smb) Transaction 7820 of length 45 (0 toread) [2011/10/11 16:43:33.808010, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.808035, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53764 smt_wct=3 smb_vwv[ 0]=18027 (0x466B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.808325, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.808352, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.808397, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.808440, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.808884, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.809014, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.809058, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.809114, 3] smbd/reply.c:4850(reply_close) close fd=81 fnum=18027 (numopen=198) [2011/10/11 16:43:33.809157, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.809221, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js, file_id = 801:1f51cb:0 gen_id = 588 has kernel oplock state of 1. 
[2011/10/11 16:43:33.809283, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CB51 [2011/10/11 16:43:33.809334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.809395, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.809462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x68c3, type= 0x3, gen_id = 588, uid = 0, flags = 0, file_id 801:1f51cb:0, name_hash = 0x7c2e0f2a [2011/10/11 16:43:33.809532, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7c2e0f2a [2011/10/11 16:43:33.809578, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CB51 [2011/10/11 16:43:33.809633, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js = 0 [2011/10/11 16:43:33.809678, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js [2011/10/11 16:43:33.809726, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js (numopen=197) NT_STATUS_OK [2011/10/11 16:43:33.809772, 5] smbd/files.c:464(file_free) freed files structure 18027 (308 used) [2011/10/11 16:43:33.809821, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.809845, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53764 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.810059, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:33.810135, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 102 [2011/10/11 16:43:33.810182, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x66 [2011/10/11 16:43:33.810223, 3] smbd/process.c:1661(process_smb) Transaction 7821 of length 106 (0 toread) [2011/10/11 16:43:33.810294, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.810319, 5] lib/util.c:341(show_msg) size=102 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53832 smt_wct=15 smb_vwv[ 0]= 34 (0x22) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 34 (0x22) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=37 [2011/10/11 16:43:33.810771, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 24 00 52 00 45 ........ .\.$.R.E [0010] 00 43 00 59 00 43 00 4C 00 45 00 2E 00 42 00 49 .C.Y.C.L .E...B.I [0020] 00 4E 00 00 00 .N... 
[2011/10/11 16:43:33.810893, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0c7f270 [2011/10/11 16:43:33.810938, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.810981, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.811440, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.811570, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.811614, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop/ando [2011/10/11 16:43:33.811662, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:33.811708, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "$RECYCLE.BIN" [2011/10/11 16:43:33.811753, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [$RECYCLE.BIN] [2011/10/11 16:43:33.811797, 5] smbd/filename.c:416(unix_convert) unix_convert 
begin: name = $RECYCLE.BIN, dirpath = , start = $RECYCLE.BIN [2011/10/11 16:43:33.811843, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.811884, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.811928, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.811969, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.812056, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.812100, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.812142, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.812186, 3] smbd/trans2.c:5227(call_trans2qfilepathinfo) call_trans2qfilepathinfo: SMB_VFS_STAT of $RECYCLE.BIN failed (No such file or directory) [2011/10/11 16:43:33.812239, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(5229) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:33.812284, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.812308, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53832 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.812523, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.812593, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.812640, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.812682, 3] smbd/process.c:1661(process_smb) Transaction 7822 of length 45 (0 toread) [2011/10/11 16:43:33.812724, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.812749, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=53892 smt_wct=3 smb_vwv[ 0]=18028 (0x466C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.813038, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.813065, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.813110, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.813154, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.813642, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.813772, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.813815, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.813873, 3] smbd/reply.c:4850(reply_close) close fd=82 fnum=18028 (numopen=197) [2011/10/11 16:43:33.813916, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.813980, 10] 
smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db, file_id = 801:1f51ca:0 gen_id = 589 has kernel oplock state of 1. [2011/10/11 16:43:33.814042, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CA51 [2011/10/11 16:43:33.814093, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.814135, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.814201, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6ac4, type= 0x3, gen_id = 589, uid = 0, flags = 0, file_id 801:1f51ca:0, name_hash = 0xac7eb75c [2011/10/11 16:43:33.814252, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xac7eb75c [2011/10/11 16:43:33.814297, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CA51 [2011/10/11 16:43:33.814352, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db = 0 [2011/10/11 16:43:33.814398, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db [2011/10/11 16:43:33.814446, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db (numopen=196) NT_STATUS_OK [2011/10/11 16:43:33.814491, 5] smbd/files.c:464(file_free) freed files structure 18028 (307 used) [2011/10/11 16:43:33.814538, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.814563, 5] 
lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53892 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.814777, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.814853, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 112 [2011/10/11 16:43:33.814901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x70 [2011/10/11 16:43:33.814943, 3] smbd/process.c:1661(process_smb) Transaction 7823 of length 116 (0 toread) [2011/10/11 16:43:33.815016, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.815042, 5] lib/util.c:341(show_msg) size=112 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53960 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6656 (0x1A00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:33.815657, 10] ../lib/util/util.c:415(dump_data) [0000] F1 5C 00 24 00 52 00 45 00 43 00 59 00 43 00 4C .\.$.R.E .C.Y.C.L [0010] 00 45 00 2E 00 42 00 49 00 4E 00 00 00 .E...B.I .N... 
[2011/10/11 16:43:33.815751, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0c7f270 [2011/10/11 16:43:33.815797, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.815840, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.816287, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.816417, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.816461, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop/ando [2011/10/11 16:43:33.816511, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 root_dir_fid = 0x0, fname = $RECYCLE.BIN [2011/10/11 16:43:33.816558, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "$RECYCLE.BIN" [2011/10/11 16:43:33.816602, 10] smbd/statcache.c:241(stat_cache_lookup) 
stat_cache_lookup: lookup failed for name [$RECYCLE.BIN] [2011/10/11 16:43:33.816646, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = $RECYCLE.BIN, dirpath = , start = $RECYCLE.BIN [2011/10/11 16:43:33.816692, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.816732, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.816777, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.816817, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.816902, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.816947, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.816988, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.817031, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = $RECYCLE.BIN [2011/10/11 16:43:33.817096, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = $RECYCLE.BIN [2011/10/11 16:43:33.817144, 5] smbd/open.c:2756(open_directory) open_directory: opening directory $RECYCLE.BIN, access_mask = 0x100001, share_access = 0x3 create_options = 0x200001, create_disposition = 0x2, file_attributes = 0x90 [2011/10/11 16:43:33.817190, 5] smbd/open.c:2613(mkdir_internal) mkdir_internal: failing create on read-only share desktop [2011/10/11 16:43:33.817234, 2] smbd/open.c:2807(open_directory) 
open_directory: unable to create $RECYCLE.BIN. Error was NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817277, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817318, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817362, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817438, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.817464, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53960 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.817677, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.817752, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.817799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.817841, 3] smbd/process.c:1661(process_smb) Transaction 7824 of length 45 (0 toread) [2011/10/11 16:43:33.817883, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.817907, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54020 smt_wct=3 smb_vwv[ 0]=18029 (0x466D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.818170, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.818225, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.818272, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.818316, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 
SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.818765, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.818894, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.818938, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.819014, 3] smbd/reply.c:4850(reply_close) close fd=83 fnum=18029 (numopen=196) [2011/10/11 16:43:33.819058, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.819121, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf, file_id = 801:1f51c9:0 gen_id = 590 has kernel oplock state of 1. 
[2011/10/11 16:43:33.819184, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C951 [2011/10/11 16:43:33.819240, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.819282, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.819348, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x779d, type= 0x3, gen_id = 590, uid = 0, flags = 0, file_id 801:1f51c9:0, name_hash = 0x95a0e0de [2011/10/11 16:43:33.819401, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x95a0e0de [2011/10/11 16:43:33.819449, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C951 [2011/10/11 16:43:33.819504, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf = 0 [2011/10/11 16:43:33.819550, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf [2011/10/11 16:43:33.819598, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf (numopen=195) NT_STATUS_OK [2011/10/11 16:43:33.819644, 5] smbd/files.c:464(file_free) freed files structure 18029 (306 used) [2011/10/11 16:43:33.819690, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.819715, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54020 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.819929, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.820002, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 130 [2011/10/11 16:43:33.820049, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x82 [2011/10/11 16:43:33.820091, 3] smbd/process.c:1661(process_smb) Transaction 7825 of length 134 (0 toread) [2011/10/11 16:43:33.820160, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.820186, 5] lib/util.c:341(show_msg) size=130 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=54088 smt_wct=15 smb_vwv[ 0]= 62 (0x3E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 62 (0x3E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=65 [2011/10/11 16:43:33.820640, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 24 00 52 00 45 .a.n.d.o .\.$.R.E [0020] 00 43 00 59 00 43 00 4C 00 45 00 2E 00 42 00 49 .C.Y.C.L .E...B.I [0030] 00 4E 00 5C 00 24 00 52 00 3C 00 22 00 2A 00 00 .N.\.$.R .<.".*.. [0040] 00 . 
[2011/10/11 16:43:33.820826, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:33.820887, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.820930, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.821372, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.821522, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.821565, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:33.821618, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:33.821669, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/$RECYCLE.BIN/$R<"*" [2011/10/11 16:43:33.821714, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name 
[ANDO/$RECYCLE.BIN/$R<"*] [2011/10/11 16:43:33.821757, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/$RECYCLE.BIN] [2011/10/11 16:43:33.821800, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:33.821846, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/$RECYCLE.BIN/$R<"*, dirpath = ando, start = $RECYCLE.BIN/$R<"* [2011/10/11 16:43:33.821895, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/$RECYCLE.BIN/$R<"*, dirpath = ando/$RECYCLE.BIN, start = $R<"* [2011/10/11 16:43:33.821937, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $R<"* ? [2011/10/11 16:43:33.821978, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $R<"* (len 5) ? [2011/10/11 16:43:33.822021, 5] smbd/filename.c:609(unix_convert) Wildcard $R<"* [2011/10/11 16:43:33.822063, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/$RECYCLE.BIN, mask = $R<"* [2011/10/11 16:43:33.822109, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/$RECYCLE.BIN [2011/10/11 16:43:33.822164, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/$RECYCLE.BIN, expect_close = 1 [2011/10/11 16:43:33.822206, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = $R<"*, attr = 22 [2011/10/11 16:43:33.822248, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:33.822296, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset 0 [2011/10/11 16:43:33.822346, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset 2147483648 [2011/10/11 16:43:33.822412, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset 4096 [2011/10/11 16:43:33.822457, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset -1 
[2011/10/11 16:43:33.822528, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:33.822570, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:33.822646, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(2527) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE [2011/10/11 16:43:33.822693, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.822719, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=15 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=54088 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.822931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.823010, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.823058, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.823100, 3] smbd/process.c:1661(process_smb) Transaction 7826 of length 45 (0 toread) [2011/10/11 16:43:33.823142, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.823166, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54148 smt_wct=3 smb_vwv[ 0]=18030 (0x466E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.823427, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.823454, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.823499, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.823543, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.823989, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.824119, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.824162, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.824217, 3] smbd/reply.c:4850(reply_close) close fd=84 fnum=18030 (numopen=195) [2011/10/11 16:43:33.824260, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.824324, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini, file_id = 801:1f51c8:0 gen_id = 591 has kernel oplock state of 1. 
[2011/10/11 16:43:33.824387, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C851 [2011/10/11 16:43:33.824438, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.824480, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.824563, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x77d9, type= 0x3, gen_id = 591, uid = 0, flags = 0, file_id 801:1f51c8:0, name_hash = 0x938e2ddd [2011/10/11 16:43:33.824615, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x938e2ddd [2011/10/11 16:43:33.824661, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C851 [2011/10/11 16:43:33.824716, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini = 0 [2011/10/11 16:43:33.824762, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini [2011/10/11 16:43:33.824810, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini (numopen=194) NT_STATUS_OK [2011/10/11 16:43:33.824856, 5] smbd/files.c:464(file_free) freed files structure 18030 (305 used) [2011/10/11 16:43:33.824903, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.824928, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54148 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.825142, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.825368, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.825444, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.825487, 3] smbd/process.c:1661(process_smb) Transaction 7827 of length 45 (0 toread) [2011/10/11 16:43:33.825528, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.825553, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54212 smt_wct=3 smb_vwv[ 0]=18031 (0x466F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.825815, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.825843, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.825889, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.825933, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.826381, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.826512, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.826593, 3] smbd/reply.c:4850(reply_close) close fd=85 fnum=18031 (numopen=194) [2011/10/11 16:43:33.826637, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.826700, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db, file_id = 801:1f51c7:0 gen_id = 592 has kernel oplock state of 1. [2011/10/11 16:43:33.826761, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C751 [2011/10/11 16:43:33.826811, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.826854, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.826918, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7827, type= 0x3, gen_id = 592, uid = 0, flags = 0, file_id 801:1f51c7:0, name_hash = 0x29b4375e [2011/10/11 16:43:33.826969, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x29b4375e [2011/10/11 16:43:33.827014, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C751 [2011/10/11 16:43:33.827069, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db = 0 [2011/10/11 16:43:33.827115, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db [2011/10/11 16:43:33.827162, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db (numopen=193) NT_STATUS_OK [2011/10/11 16:43:33.827207, 5] smbd/files.c:464(file_free) freed files structure 18031 (304 used) [2011/10/11 16:43:33.827254, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.827279, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54212 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.827493, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.827739, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.827789, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.827831, 3] smbd/process.c:1661(process_smb) Transaction 7828 of length 45 (0 toread) [2011/10/11 16:43:33.827873, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.827898, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54276 smt_wct=3 smb_vwv[ 0]=18032 (0x4670) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.828158, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.828185, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.828230, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.828273, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.828736, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.828865, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.828924, 3] smbd/reply.c:4850(reply_close) close fd=86 fnum=18032 (numopen=193) [2011/10/11 16:43:33.828967, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.829027, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf, file_id = 801:1f51c6:0 gen_id = 593 has kernel oplock state of 1. 
[2011/10/11 16:43:33.829087, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C651 [2011/10/11 16:43:33.829136, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.829178, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.829242, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7857, type= 0x3, gen_id = 593, uid = 0, flags = 0, file_id 801:1f51c6:0, name_hash = 0x8c0bff22 [2011/10/11 16:43:33.829292, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8c0bff22 [2011/10/11 16:43:33.829337, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C651 [2011/10/11 16:43:33.829413, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf = 0 [2011/10/11 16:43:33.829459, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf [2011/10/11 16:43:33.829506, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf (numopen=192) NT_STATUS_OK [2011/10/11 16:43:33.829551, 5] smbd/files.c:464(file_free) freed files structure 18032 (303 used) [2011/10/11 16:43:33.829597, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.829623, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54276 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.829837, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.830078, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.830127, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.830169, 3] smbd/process.c:1661(process_smb) Transaction 7829 of length 45 (0 toread) [2011/10/11 16:43:33.830211, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.830236, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54340 smt_wct=3 smb_vwv[ 0]=18033 (0x4671) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.830515, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.830543, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.830588, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.830631, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.831076, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.831205, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.831264, 3] smbd/reply.c:4850(reply_close) close fd=87 fnum=18033 (numopen=192) [2011/10/11 16:43:33.831307, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.831366, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf, file_id = 801:1f51c5:0 gen_id = 594 has kernel oplock state of 1. [2011/10/11 16:43:33.831426, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C551 [2011/10/11 16:43:33.831474, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.831516, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.831580, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7883, type= 0x3, gen_id = 594, uid = 0, flags = 0, file_id 801:1f51c5:0, name_hash = 0x93b485d6 [2011/10/11 16:43:33.831630, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x93b485d6 [2011/10/11 16:43:33.831678, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C551 [2011/10/11 16:43:33.831733, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf = 0 [2011/10/11 16:43:33.831778, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf [2011/10/11 16:43:33.831825, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf (numopen=191) NT_STATUS_OK [2011/10/11 16:43:33.831871, 5] smbd/files.c:464(file_free) freed files structure 18033 (302 used) [2011/10/11 16:43:33.831918, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.831943, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54340 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.832174, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.832408, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.832458, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.832500, 3] smbd/process.c:1661(process_smb) Transaction 7830 of length 45 (0 toread) [2011/10/11 16:43:33.832542, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.832567, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54404 smt_wct=3 smb_vwv[ 0]=18034 (0x4672) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.832828, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.832855, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.832900, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.832943, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.833413, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.833544, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.833602, 3] smbd/reply.c:4850(reply_close) close fd=88 fnum=18034 (numopen=191) [2011/10/11 16:43:33.833645, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.833704, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb, file_id = 801:1f51c4:0 gen_id = 595 has kernel oplock state of 1. 
[2011/10/11 16:43:33.833765, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C451 [2011/10/11 16:43:33.833814, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.833856, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.833920, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x78d8, type= 0x3, gen_id = 595, uid = 0, flags = 0, file_id 801:1f51c4:0, name_hash = 0x2b57a54c [2011/10/11 16:43:33.833970, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2b57a54c [2011/10/11 16:43:33.834015, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C451 [2011/10/11 16:43:33.834069, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb = 0 [2011/10/11 16:43:33.834133, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb [2011/10/11 16:43:33.834180, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb (numopen=190) NT_STATUS_OK [2011/10/11 16:43:33.834226, 5] smbd/files.c:464(file_free) freed files structure 18034 (301 used) [2011/10/11 16:43:33.834270, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.834296, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54404 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.834510, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.834739, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.834789, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.834831, 3] smbd/process.c:1661(process_smb) Transaction 7831 of length 45 (0 toread) [2011/10/11 16:43:33.834872, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.834897, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54468 smt_wct=3 smb_vwv[ 0]=18035 (0x4673) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.835158, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.835185, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.835231, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.835274, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.835721, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.835850, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.835909, 3] smbd/reply.c:4850(reply_close) close fd=89 fnum=18035 (numopen=190) [2011/10/11 16:43:33.835952, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.836011, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache, file_id = 801:1f51c3:0 gen_id = 596 has kernel oplock state of 1. [2011/10/11 16:43:33.836071, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C351 [2011/10/11 16:43:33.836120, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.836178, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.836243, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7ac4, type= 0x3, gen_id = 596, uid = 0, flags = 0, file_id 801:1f51c3:0, name_hash = 0x5bc606c4 [2011/10/11 16:43:33.836293, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5bc606c4 [2011/10/11 16:43:33.836338, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C351 [2011/10/11 16:43:33.836392, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache = 0 [2011/10/11 16:43:33.836438, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache [2011/10/11 16:43:33.836485, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache (numopen=189) NT_STATUS_OK [2011/10/11 16:43:33.836531, 5] smbd/files.c:464(file_free) freed files structure 18035 (300 used) [2011/10/11 16:43:33.836577, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.836603, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54468 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.836817, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.837064, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.837113, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.837155, 3] smbd/process.c:1661(process_smb) Transaction 7832 of length 45 (0 toread) [2011/10/11 16:43:33.837196, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.837221, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54532 smt_wct=3 smb_vwv[ 0]=18036 (0x4674) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.837504, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.837532, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.837576, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.837620, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 
SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.838066, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.838213, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.838271, 3] smbd/reply.c:4850(reply_close) close fd=90 fnum=18036 (numopen=189) [2011/10/11 16:43:33.838314, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.838373, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat, file_id = 801:1f51c2:0 gen_id = 597 has kernel oplock state of 1. 
[2011/10/11 16:43:33.838433, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C251 [2011/10/11 16:43:33.838482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.838523, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.838588, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x875d, type= 0x3, gen_id = 597, uid = 0, flags = 0, file_id 801:1f51c2:0, name_hash = 0xcddf5a62 [2011/10/11 16:43:33.838637, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcddf5a62 [2011/10/11 16:43:33.838682, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C251 [2011/10/11 16:43:33.838736, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat = 0 [2011/10/11 16:43:33.838782, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat [2011/10/11 16:43:33.838829, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat (numopen=188) NT_STATUS_OK [2011/10/11 16:43:33.838873, 5] smbd/files.c:464(file_free) freed files structure 18036 (299 used) [2011/10/11 16:43:33.838921, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.838946, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54532 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.839160, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.839415, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.839465, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.839507, 3] smbd/process.c:1661(process_smb) Transaction 7833 of length 45 (0 toread) [2011/10/11 16:43:33.839548, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.839572, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54596 smt_wct=3 smb_vwv[ 0]=18037 (0x4675) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.839833, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.839859, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.839904, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.839948, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.840409, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.840537, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.840595, 3] smbd/reply.c:4850(reply_close) close fd=91 fnum=18037 (numopen=188) [2011/10/11 16:43:33.840638, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.840698, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat, file_id = 801:1f51b8:0 gen_id = 598 has kernel oplock state of 1. [2011/10/11 16:43:33.840758, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B851 [2011/10/11 16:43:33.840806, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.840848, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.840912, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8799, type= 0x3, gen_id = 598, uid = 0, flags = 0, file_id 801:1f51b8:0, name_hash = 0xa444ef7e [2011/10/11 16:43:33.840961, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa444ef7e [2011/10/11 16:43:33.841006, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B851 [2011/10/11 16:43:33.841060, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat = 0 [2011/10/11 16:43:33.841105, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat [2011/10/11 16:43:33.841152, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat (numopen=187) NT_STATUS_OK [2011/10/11 16:43:33.841198, 5] smbd/files.c:464(file_free) freed files structure 18037 (298 used) [2011/10/11 16:43:33.841244, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.841269, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54596 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.841504, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.841812, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.841862, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.841904, 3] smbd/process.c:1661(process_smb) Transaction 7834 of length 45 (0 toread) [2011/10/11 16:43:33.841945, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.841970, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54660 smt_wct=3 smb_vwv[ 0]=18038 (0x4676) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.842250, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.842277, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.842322, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.842366, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.842813, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.842942, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.843000, 3] smbd/reply.c:4850(reply_close) close fd=92 fnum=18038 (numopen=187) [2011/10/11 16:43:33.843044, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.843103, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini, file_id = 801:1f51b7:0 gen_id = 599 has kernel oplock state of 1. 
[2011/10/11 16:43:33.843163, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B751 [2011/10/11 16:43:33.843212, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.843254, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.843318, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x87e7, type= 0x3, gen_id = 599, uid = 0, flags = 0, file_id 801:1f51b7:0, name_hash = 0x29899bf4 [2011/10/11 16:43:33.843368, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x29899bf4 [2011/10/11 16:43:33.843413, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B751 [2011/10/11 16:43:33.843468, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini = 0 [2011/10/11 16:43:33.843513, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini [2011/10/11 16:43:33.843561, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini (numopen=186) NT_STATUS_OK [2011/10/11 16:43:33.843606, 5] smbd/files.c:464(file_free) freed files structure 18038 (297 used) [2011/10/11 16:43:33.843654, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.843694, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54660 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.843911, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.844181, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.844229, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.844272, 3] smbd/process.c:1661(process_smb) Transaction 7835 of length 45 (0 toread) [2011/10/11 16:43:33.844313, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.844338, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54724 smt_wct=3 smb_vwv[ 0]=18039 (0x4677) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.844601, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.844628, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.844673, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.844716, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.845164, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.845294, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.845349, 3] smbd/reply.c:4850(reply_close) close fd=93 fnum=18039 (numopen=186) [2011/10/11 16:43:33.845414, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.845474, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf, file_id = 801:f8caa:0 gen_id = 600 has kernel oplock state of 1. [2011/10/11 16:43:33.845534, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA8C [2011/10/11 16:43:33.845587, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.845629, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.845693, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8817, type= 0x3, gen_id = 600, uid = 0, flags = 0, file_id 801:f8caa:0, name_hash = 0x942d1736 [2011/10/11 16:43:33.845743, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x942d1736 [2011/10/11 16:43:33.845791, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA8C [2011/10/11 16:43:33.845873, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf = 0 [2011/10/11 16:43:33.845919, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf [2011/10/11 16:43:33.845967, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf (numopen=185) NT_STATUS_OK [2011/10/11 16:43:33.846012, 5] smbd/files.c:464(file_free) freed files structure 18039 (296 used) [2011/10/11 16:43:33.846059, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.846084, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54724 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.846299, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.846576, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.846628, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.846670, 3] smbd/process.c:1661(process_smb) Transaction 7836 of length 45 (0 toread) [2011/10/11 16:43:33.846712, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.846737, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54788 smt_wct=3 smb_vwv[ 0]=18040 (0x4678) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.846999, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.847026, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.847071, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.847115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 
SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.847563, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.847693, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.847753, 3] smbd/reply.c:4850(reply_close) close fd=94 fnum=18040 (numopen=185) [2011/10/11 16:43:33.847797, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.847856, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat, file_id = 801:1f5145:0 gen_id = 601 has kernel oplock state of 1. 
[2011/10/11 16:43:33.847917, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004551 [2011/10/11 16:43:33.847984, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.848026, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.848091, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8843, type= 0x3, gen_id = 601, uid = 0, flags = 0, file_id 801:1f5145:0, name_hash = 0xa8a02123 [2011/10/11 16:43:33.848141, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa8a02123 [2011/10/11 16:43:33.848186, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004551 [2011/10/11 16:43:33.848241, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat = 0 [2011/10/11 16:43:33.848286, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat [2011/10/11 16:43:33.848333, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat (numopen=184) NT_STATUS_OK [2011/10/11 16:43:33.848378, 5] smbd/files.c:464(file_free) freed files structure 18040 (295 used) [2011/10/11 16:43:33.848424, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.848450, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54788 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.848664, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.848937, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.848986, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.849028, 3] smbd/process.c:1661(process_smb) Transaction 7837 of length 45 (0 toread) [2011/10/11 16:43:33.849069, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.849094, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54852 smt_wct=3 smb_vwv[ 0]=18041 (0x4679) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.849354, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.849402, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.849448, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.849491, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.849935, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.850083, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.850142, 3] smbd/reply.c:4850(reply_close) close fd=95 fnum=18041 (numopen=184) [2011/10/11 16:43:33.850185, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.850244, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini, file_id = 801:ec771:0 gen_id = 602 has kernel oplock state of 1. [2011/10/11 16:43:33.850305, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000071C7 [2011/10/11 16:43:33.850354, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.850396, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.850460, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8898, type= 0x3, gen_id = 602, uid = 0, flags = 0, file_id 801:ec771:0, name_hash = 0x782947d7 [2011/10/11 16:43:33.850510, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x782947d7 [2011/10/11 16:43:33.850555, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000071C7 [2011/10/11 16:43:33.850609, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini = 0 [2011/10/11 16:43:33.850654, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini 
[2011/10/11 16:43:33.850701, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini (numopen=183) NT_STATUS_OK [2011/10/11 16:43:33.850746, 5] smbd/files.c:464(file_free) freed files structure 18041 (294 used) [2011/10/11 16:43:33.850796, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.850821, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54852 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.851037, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.851312, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.851363, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.851405, 3] smbd/process.c:1661(process_smb) Transaction 7838 of length 45 (0 toread) [2011/10/11 16:43:33.851447, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.851471, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54916 smt_wct=3 smb_vwv[ 0]=18042 (0x467A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.851734, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.851760, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.851806, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.851849, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.852313, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.852443, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.852501, 3] smbd/reply.c:4850(reply_close) close fd=96 fnum=18042 (numopen=183) [2011/10/11 16:43:33.852544, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.852604, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat, file_id = 801:245295:0 gen_id = 603 has kernel oplock state of 1. 
[2011/10/11 16:43:33.852664, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009552 [2011/10/11 16:43:33.852713, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d990 [2011/10/11 16:43:33.852755, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.852819, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8a84, type= 0x3, gen_id = 603, uid = 0, flags = 0, file_id 801:245295:0, name_hash = 0x1cd20270 [2011/10/11 16:43:33.852868, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1cd20270 [2011/10/11 16:43:33.852914, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009552 [2011/10/11 16:43:33.852968, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat = 0 [2011/10/11 16:43:33.853013, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat [2011/10/11 16:43:33.853060, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat (numopen=182) NT_STATUS_OK [2011/10/11 16:43:33.853105, 5] smbd/files.c:464(file_free) freed files structure 18042 (293 used) [2011/10/11 16:43:33.853150, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.853175, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54916 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.853412, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.853690, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got 
smb length of 41 [2011/10/11 16:43:33.853741, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.853783, 3] smbd/process.c:1661(process_smb) Transaction 7839 of length 45 (0 toread) [2011/10/11 16:43:33.853825, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.853850, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54980 smt_wct=3 smb_vwv[ 0]=18043 (0x467B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.854131, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.854158, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.854204, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.854247, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.854693, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.854822, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.854880, 3] smbd/reply.c:4850(reply_close) close fd=97 fnum=18043 (numopen=182) [2011/10/11 16:43:33.854923, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.854982, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/vlcrc, file_id = 801:229261:0 gen_id = 604 has kernel oplock state of 1. [2011/10/11 16:43:33.855042, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006192 [2011/10/11 16:43:33.855090, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d980 [2011/10/11 16:43:33.855132, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jun 29 15:07:16 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.855196, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x989b, type= 0x3, gen_id = 604, uid = 0, flags = 0, file_id 801:229261:0, name_hash = 0x8ecfc677 [2011/10/11 16:43:33.855245, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8ecfc677 [2011/10/11 16:43:33.855290, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006192 [2011/10/11 16:43:33.855345, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/vlcrc = 0 [2011/10/11 16:43:33.855389, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/vlcrc [2011/10/11 16:43:33.855435, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/vlc/vlcrc (numopen=181) NT_STATUS_OK [2011/10/11 
16:43:33.855479, 5] smbd/files.c:464(file_free) freed files structure 18043 (292 used) [2011/10/11 16:43:33.855526, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.855551, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54980 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.855764, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.856036, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.856101, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.856143, 3] smbd/process.c:1661(process_smb) Transaction 7840 of length 45 (0 toread) [2011/10/11 16:43:33.856185, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.856209, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55044 smt_wct=3 smb_vwv[ 0]=18044 (0x467C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.856470, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.856496, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.856542, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.856585, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: 
SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.857029, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.857159, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.857215, 3] smbd/reply.c:4850(reply_close) close fd=98 fnum=18044 (numopen=181) [2011/10/11 16:43:33.857258, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.857316, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries, file_id = 801:22d551:0 gen_id = 605 has kernel oplock state of 1. 
[2011/10/11 16:43:33.857397, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000051D5 [2011/10/11 16:43:33.857446, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d990 [2011/10/11 16:43:33.857488, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.857552, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x98e7, type= 0x3, gen_id = 605, uid = 0, flags = 0, file_id 801:22d551:0, name_hash = 0x1a518c30 [2011/10/11 16:43:33.857602, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1a518c30 [2011/10/11 16:43:33.857647, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000051D5 [2011/10/11 16:43:33.857702, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries = 0 [2011/10/11 16:43:33.857746, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries [2011/10/11 16:43:33.857807, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries (numopen=180) NT_STATUS_OK [2011/10/11 16:43:33.857852, 5] smbd/files.c:464(file_free) freed files structure 18044 (291 used) [2011/10/11 16:43:33.857899, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.857924, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55044 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.858138, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.858413, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length 
of 41 [2011/10/11 16:43:33.858463, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.858506, 3] smbd/process.c:1661(process_smb) Transaction 7841 of length 45 (0 toread) [2011/10/11 16:43:33.858548, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.858573, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55108 smt_wct=3 smb_vwv[ 0]=18045 (0x467D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.858834, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.858861, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.858906, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.858950, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.859396, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.859525, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.859586, 3] smbd/reply.c:4850(reply_close) close fd=99 fnum=18045 (numopen=180) [2011/10/11 16:43:33.859629, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.859689, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base, file_id = 801:22d49c:0 gen_id = 606 has kernel oplock state of 1. [2011/10/11 16:43:33.859749, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009CD4 [2011/10/11 16:43:33.859797, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.859840, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jun 29 15:07:16 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.859904, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9928, type= 0x3, gen_id = 606, uid = 0, flags = 0, file_id 801:22d49c:0, name_hash = 0x633ff9c5 [2011/10/11 16:43:33.859971, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x633ff9c5 [2011/10/11 16:43:33.860016, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009CD4 [2011/10/11 16:43:33.860071, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base = 0 [2011/10/11 16:43:33.860116, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base [2011/10/11 16:43:33.860163, 2] smbd/close.c:691(close_normal_file) ando closed file 
ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base (numopen=179) NT_STATUS_OK [2011/10/11 16:43:33.860207, 5] smbd/files.c:464(file_free) freed files structure 18045 (290 used) [2011/10/11 16:43:33.860251, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.860276, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55108 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.860489, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.860759, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.860809, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.860851, 3] smbd/process.c:1661(process_smb) Transaction 7842 of length 45 (0 toread) [2011/10/11 16:43:33.860892, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.860916, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55172 smt_wct=3 smb_vwv[ 0]=18046 (0x467E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.861175, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.861202, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.861246, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.861289, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 
12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.861753, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.861882, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.861939, 3] smbd/reply.c:4850(reply_close) close fd=100 fnum=18046 (numopen=179) [2011/10/11 16:43:33.861982, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.862040, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base, file_id = 801:22921c:0 gen_id = 607 has kernel oplock state of 1. 
[2011/10/11 16:43:33.862118, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000001C92 [2011/10/11 16:43:33.862167, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.862209, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jun 29 15:07:16 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.862274, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9957, type= 0x3, gen_id = 607, uid = 0, flags = 0, file_id 801:22921c:0, name_hash = 0x1b106cfb [2011/10/11 16:43:33.862323, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1b106cfb [2011/10/11 16:43:33.862368, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000001C92 [2011/10/11 16:43:33.862423, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base = 0 [2011/10/11 16:43:33.862468, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base [2011/10/11 16:43:33.862515, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base (numopen=178) NT_STATUS_OK [2011/10/11 16:43:33.862559, 5] smbd/files.c:464(file_free) freed files structure 18046 (289 used) [2011/10/11 16:43:33.862606, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.862631, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55172 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.862845, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.863118, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.863168, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.863211, 3] smbd/process.c:1661(process_smb) Transaction 7843 of length 45 (0 toread) [2011/10/11 16:43:33.863253, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.863277, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55236 smt_wct=3 smb_vwv[ 0]=18047 (0x467F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.863538, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.863565, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.863610, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.863653, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.864117, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:33.864246, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.864305, 3] smbd/reply.c:4850(reply_close) close fd=101 fnum=18047 (numopen=178) [2011/10/11 16:43:33.864349, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.864409, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db, file_id = 801:1f4fc7:0 gen_id = 608 has kernel oplock state of 1. [2011/10/11 16:43:33.864469, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C74F [2011/10/11 16:43:33.864516, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.864558, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.864622, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9983, type= 0x3, gen_id = 608, uid = 0, flags = 0, file_id 801:1f4fc7:0, name_hash = 0xc730b42c [2011/10/11 16:43:33.864671, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc730b42c [2011/10/11 16:43:33.864717, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C74F [2011/10/11 16:43:33.864770, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db = 0 [2011/10/11 16:43:33.864816, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db [2011/10/11 16:43:33.864863, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db (numopen=177) NT_STATUS_OK [2011/10/11 16:43:33.864908, 5] smbd/files.c:464(file_free) freed files structure 18047 (288 used) [2011/10/11 16:43:33.864954, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.864979, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55236 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.865194, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.865465, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.865515, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.865557, 3] smbd/process.c:1661(process_smb) Transaction 7844 of length 45 (0 toread) [2011/10/11 16:43:33.865598, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.865623, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55300 smt_wct=3 smb_vwv[ 0]=18048 (0x4680) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.865883, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.865910, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.865955, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.865999, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.866464, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.866594, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.866652, 3] smbd/reply.c:4850(reply_close) close fd=102 fnum=18048 (numopen=177) [2011/10/11 16:43:33.866695, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.866755, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys, file_id = 801:1f4fc5:0 gen_id = 609 has kernel oplock state of 1. 
[2011/10/11 16:43:33.866816, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C54F [2011/10/11 16:43:33.866865, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.866907, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:20 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.866972, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x99d8, type= 0x3, gen_id = 609, uid = 0, flags = 0, file_id 801:1f4fc5:0, name_hash = 0x5101bea7 [2011/10/11 16:43:33.867021, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5101bea7 [2011/10/11 16:43:33.867067, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C54F [2011/10/11 16:43:33.867121, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys = 0 [2011/10/11 16:43:33.867167, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys [2011/10/11 16:43:33.867214, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys (numopen=176) NT_STATUS_OK [2011/10/11 16:43:33.867259, 5] smbd/files.c:464(file_free) freed files structure 18048 (287 used) [2011/10/11 16:43:33.867306, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.867331, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55300 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.867547, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:33.867821, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.867871, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.867913, 3] smbd/process.c:1661(process_smb) Transaction 7845 of length 45 (0 toread) [2011/10/11 16:43:33.867973, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.867998, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55364 smt_wct=3 smb_vwv[ 0]=18049 (0x4681) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.868261, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.868288, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.868334, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.868377, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.868825, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.868956, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.869012, 3] smbd/reply.c:4850(reply_close) close fd=103 fnum=18049 (numopen=176) [2011/10/11 16:43:33.869054, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.869113, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db, file_id = 801:201333:0 gen_id = 610 has kernel oplock state of 1. [2011/10/11 16:43:33.869173, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003313 [2011/10/11 16:43:33.869225, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8da10 [2011/10/11 16:43:33.869267, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.869332, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9bc4, type= 0x3, gen_id = 610, uid = 0, flags = 0, file_id 801:201333:0, name_hash = 0x8a3abe5d [2011/10/11 16:43:33.869403, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8a3abe5d [2011/10/11 16:43:33.869452, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003313 [2011/10/11 16:43:33.869506, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db = 0 
[2011/10/11 16:43:33.869553, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db [2011/10/11 16:43:33.869616, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db (numopen=175) NT_STATUS_OK [2011/10/11 16:43:33.869663, 5] smbd/files.c:464(file_free) freed files structure 18049 (286 used) [2011/10/11 16:43:33.869711, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.869736, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55364 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.869950, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.870227, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.870278, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.870321, 3] smbd/process.c:1661(process_smb) Transaction 7846 of length 45 (0 toread) [2011/10/11 16:43:33.870362, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.870387, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55428 smt_wct=3 smb_vwv[ 0]=18050 (0x4682) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.870648, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.870675, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.870721, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 
16:43:33.870764, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.871209, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.871338, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.871397, 3] smbd/reply.c:4850(reply_close) close fd=104 fnum=18050 (numopen=175) [2011/10/11 16:43:33.871441, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.871501, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt, file_id = 801:1f4fbb:0 gen_id = 611 has kernel oplock state of 1. 
[2011/10/11 16:43:33.871561, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BB4F [2011/10/11 16:43:33.871609, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.871651, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:22 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.871734, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa959, type= 0x3, gen_id = 611, uid = 0, flags = 0, file_id 801:1f4fbb:0, name_hash = 0x2c44eba6 [2011/10/11 16:43:33.871784, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2c44eba6 [2011/10/11 16:43:33.871829, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BB4F [2011/10/11 16:43:33.871883, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt = 0 [2011/10/11 16:43:33.871929, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt [2011/10/11 16:43:33.871975, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt (numopen=174) NT_STATUS_OK [2011/10/11 16:43:33.872020, 5] smbd/files.c:464(file_free) freed files structure 18050 (285 used) [2011/10/11 16:43:33.872065, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.872090, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55428 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.872303, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:33.872572, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.872621, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.872662, 3] smbd/process.c:1661(process_smb) Transaction 7847 of length 45 (0 toread) [2011/10/11 16:43:33.872704, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.872729, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55492 smt_wct=3 smb_vwv[ 0]=18051 (0x4683) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.872990, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.873016, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.873061, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.873104, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.873571, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.873700, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.873776, 3] smbd/reply.c:4850(reply_close) close fd=105 fnum=18051 (numopen=174) [2011/10/11 16:43:33.873820, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.873880, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu, file_id = 801:1d8fc4:0 gen_id = 612 has kernel oplock state of 1. [2011/10/11 16:43:33.873940, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C48F [2011/10/11 16:43:33.873989, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.874031, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.874095, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa9a7, type= 0x3, gen_id = 612, uid = 0, flags = 0, file_id 801:1d8fc4:0, name_hash = 0xd97c2776 [2011/10/11 16:43:33.874145, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd97c2776 [2011/10/11 16:43:33.874190, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C48F [2011/10/11 16:43:33.874244, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu = 0 [2011/10/11 16:43:33.874290, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu [2011/10/11 16:43:33.874337, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu (numopen=173) NT_STATUS_OK [2011/10/11 16:43:33.874384, 5] smbd/files.c:464(file_free) freed files structure 18051 (284 used) [2011/10/11 16:43:33.874430, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.874455, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55492 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.874670, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.874944, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.874994, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.875037, 3] smbd/process.c:1661(process_smb) Transaction 7848 of length 45 (0 toread) [2011/10/11 16:43:33.875079, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.875103, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55556 smt_wct=3 smb_vwv[ 0]=18052 (0x4684) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.875365, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.875392, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.875437, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.875480, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.875944, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.876073, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.876132, 3] smbd/reply.c:4850(reply_close) close fd=106 fnum=18052 (numopen=173) [2011/10/11 16:43:33.876175, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.876235, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu, file_id = 801:1d8fc3:0 gen_id = 613 has kernel oplock state of 1. 
[2011/10/11 16:43:33.876295, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C38F [2011/10/11 16:43:33.876343, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.876386, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.876450, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa9e8, type= 0x3, gen_id = 613, uid = 0, flags = 0, file_id 801:1d8fc3:0, name_hash = 0x15cdcbee [2011/10/11 16:43:33.876500, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x15cdcbee [2011/10/11 16:43:33.876546, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C38F [2011/10/11 16:43:33.876600, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu = 0 [2011/10/11 16:43:33.876646, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu [2011/10/11 16:43:33.876694, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu (numopen=172) NT_STATUS_OK [2011/10/11 16:43:33.876740, 5] smbd/files.c:464(file_free) freed files structure 18052 (283 used) [2011/10/11 16:43:33.876787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.876812, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55556 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.877027, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.877298, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.877347, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.877411, 3] smbd/process.c:1661(process_smb) Transaction 7849 of length 45 (0 toread) [2011/10/11 16:43:33.877454, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.877478, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55620 smt_wct=3 smb_vwv[ 0]=18053 (0x4685) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.877760, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.877787, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.877832, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.877875, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.878323, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.878454, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.878512, 3] smbd/reply.c:4850(reply_close) close fd=107 fnum=18053 (numopen=172) [2011/10/11 16:43:33.878555, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.878615, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu, file_id = 801:1dd00e:0 gen_id = 614 has kernel oplock state of 1. [2011/10/11 16:43:33.878675, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000ED0 [2011/10/11 16:43:33.878723, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.878765, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:13 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.878830, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xaa0c, type= 0x3, gen_id = 614, uid = 0, flags = 0, file_id 801:1dd00e:0, name_hash = 0x8214ca92 [2011/10/11 16:43:33.878879, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8214ca92 [2011/10/11 16:43:33.878924, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000ED0 [2011/10/11 16:43:33.878979, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu = 0 [2011/10/11 16:43:33.879025, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count 
for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu [2011/10/11 16:43:33.879072, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu (numopen=171) NT_STATUS_OK [2011/10/11 16:43:33.879118, 5] smbd/files.c:464(file_free) freed files structure 18053 (282 used) [2011/10/11 16:43:33.879165, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.879205, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55620 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.879420, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.879483, 10] lib/events.c:221(run_events_poll) Running timed event "update_write_time_handler" 0x7fc9b0d84cb0 [2011/10/11 16:43:33.879530, 5] smbd/fileio.c:185(update_write_time_handler) Update write time on ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:33.879575, 5] locking/locking.c:1657(set_write_time) set_write_time: Tue Oct 11 16:43:34 2011 CEST id=803:404092:0 [2011/10/11 16:43:33.879634, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009240 [2011/10/11 16:43:33.879711, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0a52d20 [2011/10/11 16:43:33.879754, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:33.879817, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.879874, 10] locking/locking.c:728(parse_share_modes) 
parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.879924, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Tue Oct 11 16:43:34 2011 CEST cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 2 [2011/10/11 16:43:33.879989, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.880041, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.880089, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009240 [2011/10/11 16:43:33.880159, 10] smbd/notify_internal.c:930(notify_trigger) notify_trigger called action=0x3, filter=0x10, path=/home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:33.880224, 10] smbd/notify_internal.c:235(notify_load) notify_load: [2011/10/11 16:43:33.880266, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) notify->array: struct notify_array num_depths : 0x00000009 (9) depth: ARRAY(9) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: 
ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000017 (23) num_entries : 0x00000001 (1) entries: ARRAY(1) entries: struct notify_entry server: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) filter : 0x00000000 (0) subdir_filter : 0x00000017 (23) dir_fd : 0x00000184 (388) dir_id: struct file_id devid : 0x0000000000000801 (2049) inode : 0x0000000000158d4f (1412431) extid : 0x0000000000000000 (0) path : '/tmp/andolan/desktop/ando' path_len : 0x00000019 (25) private_data : 0x7fc9b0d8c8a0 depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000017 (23) num_entries : 0x00000001 (1) entries: ARRAY(1) entries: struct notify_entry server: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) filter : 0x00000000 (0) subdir_filter : 0x00000017 (23) dir_fd : 0x00000182 (386) dir_id: struct file_id devid : 0x0000000000000803 (2051) inode : 0x000000000040408f (4210831) extid : 0x0000000000000000 (0) path : '/home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned' path_len : 0x0000004d (77) private_data : 0x7fc9b0d89af0 [2011/10/11 16:43:33.881792, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2011/10/11 16:43:33.881835, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 
0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PVFS_NOTIFY (784) dest: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) src: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) buf : DATA_BLOB length=32 [0000] 03 00 00 00 54 61 73 6B 42 61 72 2F 64 65 73 6B ....Task Bar/desk [0010] 74 6F 70 2E 69 6E 69 00 F0 9A D8 B0 C9 7F 00 00 top.ini. ........ [2011/10/11 16:43:33.882305, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2011/10/11 16:43:33.882351, 10] lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2011/10/11 16:43:33.882401, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2011/10/11 16:43:33.882442, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PVFS_NOTIFY (784) dest: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) src: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) buf : DATA_BLOB length=32 [0000] 03 00 00 00 54 61 73 6B 42 61 72 2F 64 65 73 6B ....Task Bar/desk [0010] 74 6F 70 2E 69 6E 69 00 F0 9A D8 B0 C9 7F 00 00 top.ini. ........ 
[2011/10/11 16:43:33.882838, 10] smbd/notify.c:173(notify_callback) notify_callback called for ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:33.882886, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &m: struct FILE_NOTIFY_INFORMATION NextEntryOffset : 0x00000000 (0) Action : FILE_ACTION_MODIFIED (3) FileNameLength : 0x00000026 (38) FileName1 : 'TaskBar\desktop.ini' [2011/10/11 16:43:33.883007, 10] smbd/notify.c:121(notify_marshall_changes) Client only wanted 32 bytes, trying to marshall 88 bytes [2011/10/11 16:43:33.883051, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.883076, 5] lib/util.c:341(show_msg) size=71 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=49765 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=0 [2011/10/11 16:43:33.883574, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.883681, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.883729, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.883771, 3] smbd/process.c:1661(process_smb) Transaction 7850 of length 45 (0 toread) [2011/10/11 16:43:33.883813, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.883854, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55684 smt_wct=3 smb_vwv[ 0]=18054 (0x4686) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.884114, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.884142, 3] 
smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.884188, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.884232, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.884677, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.884810, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.884881, 3] smbd/reply.c:4850(reply_close) close fd=108 fnum=18054 (numopen=171) [2011/10/11 16:43:33.884925, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.884988, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu, file_id = 801:1dd00d:0 gen_id = 615 has kernel oplock state of 1. 
[2011/10/11 16:43:33.885050, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000DD0 [2011/10/11 16:43:33.885099, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.885141, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.885206, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xaa58, type= 0x3, gen_id = 615, uid = 0, flags = 0, file_id 801:1dd00d:0, name_hash = 0x4310462e [2011/10/11 16:43:33.885257, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4310462e [2011/10/11 16:43:33.885302, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000DD0 [2011/10/11 16:43:33.885357, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu = 0 [2011/10/11 16:43:33.885426, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu [2011/10/11 16:43:33.885475, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu (numopen=170) NT_STATUS_OK [2011/10/11 16:43:33.885535, 5] smbd/files.c:464(file_free) freed files structure 18054 (281 used) [2011/10/11 16:43:33.885583, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.885608, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55684 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.885821, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.886078, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.886130, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.886172, 3] smbd/process.c:1661(process_smb) Transaction 7851 of length 45 (0 toread) [2011/10/11 16:43:33.886214, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.886239, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55748 smt_wct=3 smb_vwv[ 0]=18055 (0x4687) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.886500, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.886527, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.886573, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.886617, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.887067, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.887198, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.887257, 3] smbd/reply.c:4850(reply_close) close fd=109 fnum=18055 (numopen=170) [2011/10/11 16:43:33.887300, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.887361, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu, file_id = 801:1dd00c:0 gen_id = 616 has kernel oplock state of 1. [2011/10/11 16:43:33.887425, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000CD0 [2011/10/11 16:43:33.887475, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.887517, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.887581, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xaa83, type= 0x3, gen_id = 616, uid = 0, flags = 0, file_id 801:1dd00c:0, name_hash = 0x3bbfe0a [2011/10/11 16:43:33.887651, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3bbfe0a [2011/10/11 16:43:33.887698, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000CD0 [2011/10/11 16:43:33.887753, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu = 0 [2011/10/11 16:43:33.887798, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu [2011/10/11 16:43:33.887846, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu (numopen=169) NT_STATUS_OK [2011/10/11 16:43:33.887892, 5] smbd/files.c:464(file_free) freed files structure 18055 (280 used) [2011/10/11 16:43:33.887938, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.887963, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55748 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.888178, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.888455, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.888504, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.888546, 3] smbd/process.c:1661(process_smb) Transaction 7852 of length 45 (0 toread) [2011/10/11 16:43:33.888588, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.888613, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55812 smt_wct=3 smb_vwv[ 0]=18056 (0x4688) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.888875, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.888902, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.888947, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.888990, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.889461, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.889592, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.889651, 3] smbd/reply.c:4850(reply_close) close fd=110 fnum=18056 (numopen=169) [2011/10/11 16:43:33.889695, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.889755, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu, file_id = 801:1dd00b:0 gen_id = 617 has kernel oplock state of 1. 
[2011/10/11 16:43:33.889834, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000BD0 [2011/10/11 16:43:33.889882, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.889925, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.889989, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xac84, type= 0x3, gen_id = 617, uid = 0, flags = 0, file_id 801:1dd00b:0, name_hash = 0xbcd81b5e [2011/10/11 16:43:33.890039, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbcd81b5e [2011/10/11 16:43:33.890084, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000BD0 [2011/10/11 16:43:33.890139, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu = 0 [2011/10/11 16:43:33.890184, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu [2011/10/11 16:43:33.890232, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu (numopen=168) NT_STATUS_OK [2011/10/11 16:43:33.890277, 5] smbd/files.c:464(file_free) freed files structure 18056 (279 used) [2011/10/11 16:43:33.890324, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.890349, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55812 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.890564, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.890829, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.890879, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.890921, 3] smbd/process.c:1661(process_smb) Transaction 7853 of length 45 (0 toread) [2011/10/11 16:43:33.890963, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.890988, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55876 smt_wct=3 smb_vwv[ 0]=18057 (0x4689) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.891250, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.891277, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.891322, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.891366, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.891832, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.891961, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.892021, 3] smbd/reply.c:4850(reply_close) close fd=111 fnum=18057 (numopen=168) [2011/10/11 16:43:33.892065, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.892126, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu, file_id = 801:1dd00a:0 gen_id = 618 has kernel oplock state of 1. [2011/10/11 16:43:33.892186, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000AD0 [2011/10/11 16:43:33.892238, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.892281, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:48 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.892345, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb919, type= 0x3, gen_id = 618, uid = 0, flags = 0, file_id 801:1dd00a:0, name_hash = 0xfa8cb831 [2011/10/11 16:43:33.892395, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfa8cb831 [2011/10/11 16:43:33.892443, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000AD0 [2011/10/11 16:43:33.892498, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu = 0 [2011/10/11 16:43:33.892543, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu [2011/10/11 16:43:33.892591, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu (numopen=167) NT_STATUS_OK [2011/10/11 16:43:33.892637, 5] smbd/files.c:464(file_free) freed files structure 18057 (278 used) [2011/10/11 16:43:33.892683, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.892708, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55876 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.892922, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.893205, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.893254, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.893296, 3] smbd/process.c:1661(process_smb) Transaction 7854 of length 45 (0 toread) [2011/10/11 16:43:33.893337, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.893363, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55940 smt_wct=3 smb_vwv[ 0]=18058 (0x468A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.893663, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.893691, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.893755, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.893799, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.894246, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.894376, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.894434, 3] smbd/reply.c:4850(reply_close) close fd=112 fnum=18058 (numopen=167) [2011/10/11 16:43:33.894478, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.894538, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu, file_id = 801:1dd009:0 gen_id = 619 has kernel oplock state of 1. 
[2011/10/11 16:43:33.894599, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000009D0 [2011/10/11 16:43:33.894648, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.894690, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:14 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.894754, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb967, type= 0x3, gen_id = 619, uid = 0, flags = 0, file_id 801:1dd009:0, name_hash = 0xc915a292 [2011/10/11 16:43:33.894804, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc915a292 [2011/10/11 16:43:33.894848, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000009D0 [2011/10/11 16:43:33.894903, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu = 0 [2011/10/11 16:43:33.894949, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu [2011/10/11 16:43:33.894997, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu (numopen=166) NT_STATUS_OK [2011/10/11 16:43:33.895042, 5] smbd/files.c:464(file_free) freed files structure 18058 (277 used) [2011/10/11 16:43:33.895088, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.895114, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55940 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.895328, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.895629, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.895682, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.895725, 3] smbd/process.c:1661(process_smb) Transaction 7855 of length 45 (0 toread) [2011/10/11 16:43:33.895766, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.895791, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56004 smt_wct=3 smb_vwv[ 0]=18059 (0x468B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.896052, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.896079, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.896124, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.896168, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.896614, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.896743, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.896804, 3] smbd/reply.c:4850(reply_close) close fd=113 fnum=18059 (numopen=166) [2011/10/11 16:43:33.896847, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.896907, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu, file_id = 801:1dd008:0 gen_id = 620 has kernel oplock state of 1. [2011/10/11 16:43:33.896967, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000008D0 [2011/10/11 16:43:33.897016, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.897058, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.897123, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb9a8, type= 0x3, gen_id = 620, uid = 0, flags = 0, file_id 801:1dd008:0, name_hash = 0xe6dd2504 [2011/10/11 16:43:33.897172, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe6dd2504 [2011/10/11 16:43:33.897217, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000008D0 [2011/10/11 16:43:33.897272, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu = 0 [2011/10/11 16:43:33.897335, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu [2011/10/11 16:43:33.897404, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu (numopen=165) NT_STATUS_OK [2011/10/11 16:43:33.897451, 5] smbd/files.c:464(file_free) freed files structure 18059 (276 used) [2011/10/11 16:43:33.897497, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.897522, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56004 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.897737, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.898022, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.898073, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.898116, 3] smbd/process.c:1661(process_smb) Transaction 7856 of length 45 (0 toread) [2011/10/11 16:43:33.898157, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.898182, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56068 smt_wct=3 smb_vwv[ 0]=18060 (0x468C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.898444, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.898472, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.898517, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.898560, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.899007, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.899137, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.899197, 3] smbd/reply.c:4850(reply_close) close fd=114 fnum=18060 (numopen=165) [2011/10/11 16:43:33.899240, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.899300, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat, file_id = 801:1ccfcc:0 gen_id = 621 has kernel oplock state of 1. 
[2011/10/11 16:43:33.899362, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CCCF [2011/10/11 16:43:33.899410, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.899452, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.899535, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb9cc, type= 0x3, gen_id = 621, uid = 0, flags = 0, file_id 801:1ccfcc:0, name_hash = 0x86638867 [2011/10/11 16:43:33.899585, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x86638867 [2011/10/11 16:43:33.899630, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CCCF [2011/10/11 16:43:33.899684, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat = 0 [2011/10/11 16:43:33.899731, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat [2011/10/11 16:43:33.899779, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat (numopen=164) NT_STATUS_OK [2011/10/11 16:43:33.899825, 5] smbd/files.c:464(file_free) freed files structure 18060 (275 used) [2011/10/11 16:43:33.899872, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.899897, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 
smb_uid=102 smb_mid=56068 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.900112, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.900393, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.900442, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.900485, 3] smbd/process.c:1661(process_smb) Transaction 7857 of length 45 (0 toread) [2011/10/11 16:43:33.900527, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.900551, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56132 smt_wct=3 smb_vwv[ 0]=18061 (0x468D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.900812, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.900839, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.900884, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.900928, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.901394, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.901543, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.901601, 3] smbd/reply.c:4850(reply_close) close fd=115 fnum=18061 (numopen=164) [2011/10/11 16:43:33.901644, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.901704, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat, file_id = 801:1ccfcb:0 gen_id = 622 has kernel oplock state of 1. [2011/10/11 16:43:33.901764, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CBCF [2011/10/11 16:43:33.901812, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.901854, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.901919, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xba18, type= 0x3, gen_id = 622, uid = 0, flags = 0, file_id 801:1ccfcb:0, name_hash = 0xa76cb0f5 [2011/10/11 16:43:33.901969, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa76cb0f5 [2011/10/11 16:43:33.902014, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CBCF [2011/10/11 16:43:33.902068, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat = 0 [2011/10/11 16:43:33.902114, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat [2011/10/11 16:43:33.902162, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat (numopen=163) NT_STATUS_OK [2011/10/11 16:43:33.902208, 5] smbd/files.c:464(file_free) freed files structure 18061 (274 used) [2011/10/11 16:43:33.902254, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.902279, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56132 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.902493, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.902780, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.902831, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.902874, 3] smbd/process.c:1661(process_smb) Transaction 7858 of length 45 (0 toread) [2011/10/11 16:43:33.902916, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.902940, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56196 smt_wct=3 smb_vwv[ 0]=18062 (0x468E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.903201, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.903228, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.903274, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.903317, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.903782, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.903912, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.903969, 3] smbd/reply.c:4850(reply_close) close fd=116 fnum=18062 (numopen=163) [2011/10/11 16:43:33.904012, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.904072, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat, file_id = 801:1ccfca:0 gen_id = 623 has kernel oplock state of 1. 
[2011/10/11 16:43:33.904132, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CACF [2011/10/11 16:43:33.904181, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.904223, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:00 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.904288, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xba43, type= 0x3, gen_id = 623, uid = 0, flags = 0, file_id 801:1ccfca:0, name_hash = 0xac03f184 [2011/10/11 16:43:33.904338, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xac03f184 [2011/10/11 16:43:33.904383, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CACF [2011/10/11 16:43:33.904437, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat = 0 [2011/10/11 16:43:33.904484, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat [2011/10/11 16:43:33.904531, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat (numopen=162) NT_STATUS_OK [2011/10/11 16:43:33.904576, 5] smbd/files.c:464(file_free) freed files structure 18062 (273 used) [2011/10/11 16:43:33.904623, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.904648, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=56196 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.904862, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.905137, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.905187, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.905229, 3] smbd/process.c:1661(process_smb) Transaction 7859 of length 45 (0 toread) [2011/10/11 16:43:33.905288, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.905313, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56260 smt_wct=3 smb_vwv[ 0]=18063 (0x468F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.905597, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.905624, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.905669, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.905713, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.906160, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.906289, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.906346, 3] smbd/reply.c:4850(reply_close) close fd=117 fnum=18063 (numopen=162) [2011/10/11 16:43:33.906389, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.906449, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat, file_id = 801:1ccfc9:0 gen_id = 624 has kernel oplock state of 1. [2011/10/11 16:43:33.906509, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C9CF [2011/10/11 16:43:33.906559, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.906601, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:00 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.906666, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xbc44, type= 0x3, gen_id = 624, uid = 0, flags = 0, file_id 801:1ccfc9:0, name_hash = 0x6e0c138 [2011/10/11 16:43:33.906715, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6e0c138 [2011/10/11 16:43:33.906761, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C9CF [2011/10/11 16:43:33.906815, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat 
= 0 [2011/10/11 16:43:33.906861, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat [2011/10/11 16:43:33.906908, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat (numopen=161) NT_STATUS_OK [2011/10/11 16:43:33.906972, 5] smbd/files.c:464(file_free) freed files structure 18063 (272 used) [2011/10/11 16:43:33.907018, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.907043, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56260 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.907258, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.907543, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.907595, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.907637, 3] smbd/process.c:1661(process_smb) Transaction 7860 of length 45 (0 toread) [2011/10/11 16:43:33.907679, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.907703, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56324 smt_wct=3 smb_vwv[ 0]=18064 (0x4690) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.907966, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.907993, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.908039, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.908083, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.908531, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.908661, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.908718, 3] smbd/reply.c:4850(reply_close) close fd=118 fnum=18064 (numopen=161) [2011/10/11 16:43:33.908762, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.908821, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat, file_id = 801:1ccfc8:0 gen_id = 625 has kernel oplock state of 1. 
[2011/10/11 16:43:33.908881, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C8CF [2011/10/11 16:43:33.908930, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.908972, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:54 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.909037, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc8d9, type= 0x3, gen_id = 625, uid = 0, flags = 0, file_id 801:1ccfc8:0, name_hash = 0x3d82f05b [2011/10/11 16:43:33.909104, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d82f05b [2011/10/11 16:43:33.909150, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C8CF [2011/10/11 16:43:33.909204, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat = 0 [2011/10/11 16:43:33.909251, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat [2011/10/11 16:43:33.909299, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat (numopen=160) NT_STATUS_OK [2011/10/11 16:43:33.909344, 5] smbd/files.c:464(file_free) freed files structure 18064 (271 used) [2011/10/11 16:43:33.909413, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.909439, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=56324 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.909653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.909937, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.909988, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.910030, 3] smbd/process.c:1661(process_smb) Transaction 7861 of length 45 (0 toread) [2011/10/11 16:43:33.910072, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.910097, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56388 smt_wct=3 smb_vwv[ 0]=18065 (0x4691) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.910359, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.910386, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.910431, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.910474, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.910922, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.911051, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.911108, 3] smbd/reply.c:4850(reply_close) close fd=119 fnum=18065 (numopen=160) [2011/10/11 16:43:33.911151, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.911226, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat, file_id = 801:1ccfc7:0 gen_id = 626 has kernel oplock state of 1. [2011/10/11 16:43:33.911286, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C7CF [2011/10/11 16:43:33.911340, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.911382, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:50 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.911446, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc927, type= 0x3, gen_id = 626, uid = 0, flags = 0, file_id 801:1ccfc7:0, name_hash = 0x31dc4069 [2011/10/11 16:43:33.911496, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x31dc4069 [2011/10/11 16:43:33.911544, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C7CF [2011/10/11 16:43:33.911599, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat = 0 
[2011/10/11 16:43:33.911644, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat [2011/10/11 16:43:33.911692, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat (numopen=159) NT_STATUS_OK [2011/10/11 16:43:33.911738, 5] smbd/files.c:464(file_free) freed files structure 18065 (270 used) [2011/10/11 16:43:33.911784, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.911809, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56388 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.912022, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.912299, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.912348, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.912390, 3] smbd/process.c:1661(process_smb) Transaction 7862 of length 45 (0 toread) [2011/10/11 16:43:33.912432, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.912457, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56452 smt_wct=3 smb_vwv[ 0]=18066 (0x4692) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.912716, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.912743, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.912788, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.912832, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.913294, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.913446, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.913504, 3] smbd/reply.c:4850(reply_close) close fd=120 fnum=18066 (numopen=159) [2011/10/11 16:43:33.913547, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.913606, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat, file_id = 801:1ccfc6:0 gen_id = 627 has kernel oplock state of 1. 
[2011/10/11 16:43:33.913667, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C6CF [2011/10/11 16:43:33.913715, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.913757, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:45 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.913821, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc968, type= 0x3, gen_id = 627, uid = 0, flags = 0, file_id 801:1ccfc6:0, name_hash = 0xe91b473f [2011/10/11 16:43:33.913871, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe91b473f [2011/10/11 16:43:33.913915, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C6CF [2011/10/11 16:43:33.913970, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat = 0 [2011/10/11 16:43:33.914015, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat [2011/10/11 16:43:33.914063, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat (numopen=158) NT_STATUS_OK [2011/10/11 16:43:33.914108, 5] smbd/files.c:464(file_free) freed files structure 18066 (269 used) [2011/10/11 16:43:33.914155, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.914180, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=56452 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.914393, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.914675, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.914725, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.914767, 3] smbd/process.c:1661(process_smb) Transaction 7863 of length 45 (0 toread) [2011/10/11 16:43:33.914809, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.914834, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56516 smt_wct=3 smb_vwv[ 0]=18067 (0x4693) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.915115, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.915142, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.915187, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.915231, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.915680, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.915810, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.915867, 3] smbd/reply.c:4850(reply_close) close fd=121 fnum=18067 (numopen=158) [2011/10/11 16:43:33.915910, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.915969, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat, file_id = 801:1ccfc5:0 gen_id = 628 has kernel oplock state of 1. [2011/10/11 16:43:33.916030, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C5CF [2011/10/11 16:43:33.916079, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.916121, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:45 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.916186, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc98c, type= 0x3, gen_id = 628, uid = 0, flags = 0, file_id 801:1ccfc5:0, name_hash = 0xe29ac6f2 [2011/10/11 16:43:33.916236, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe29ac6f2 [2011/10/11 16:43:33.916281, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C5CF [2011/10/11 16:43:33.916336, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat = 0 [2011/10/11 16:43:33.916382, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat [2011/10/11 16:43:33.916430, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat (numopen=157) NT_STATUS_OK [2011/10/11 16:43:33.916476, 5] smbd/files.c:464(file_free) freed files structure 18067 (268 used) [2011/10/11 16:43:33.916522, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.916561, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56516 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.916777, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.917059, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.917108, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.917150, 3] smbd/process.c:1661(process_smb) Transaction 7864 of length 45 (0 toread) [2011/10/11 16:43:33.917192, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.917217, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56580 smt_wct=3 smb_vwv[ 0]=18068 (0x4694) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.917502, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.917530, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.917576, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.917620, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.918070, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.918200, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.918258, 3] smbd/reply.c:4850(reply_close) close fd=122 fnum=18068 (numopen=157) [2011/10/11 16:43:33.918301, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.918359, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat, file_id = 801:1ccfc4:0 gen_id = 629 has kernel oplock state of 1. 
[2011/10/11 16:43:33.918419, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C4CF [2011/10/11 16:43:33.918468, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.918510, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:14 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.918574, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc9d8, type= 0x3, gen_id = 629, uid = 0, flags = 0, file_id 801:1ccfc4:0, name_hash = 0xf7f28e79 [2011/10/11 16:43:33.918624, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf7f28e79 [2011/10/11 16:43:33.918687, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C4CF [2011/10/11 16:43:33.918742, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat = 0 [2011/10/11 16:43:33.918788, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat [2011/10/11 16:43:33.918836, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat (numopen=156) NT_STATUS_OK [2011/10/11 16:43:33.918882, 5] smbd/files.c:464(file_free) freed files structure 18068 (267 used) [2011/10/11 16:43:33.918929, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.918954, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56580 
smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.919170, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.919455, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.919506, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.919549, 3] smbd/process.c:1661(process_smb) Transaction 7865 of length 45 (0 toread) [2011/10/11 16:43:33.919590, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.919615, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56644 smt_wct=3 smb_vwv[ 0]=18069 (0x4695) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.919877, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.919904, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.919950, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.919994, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.920442, 5] auth/token_util.c:527(debug_unix_user_token) UNIX 
token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.920571, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.920628, 3] smbd/reply.c:4850(reply_close) close fd=123 fnum=18069 (numopen=156) [2011/10/11 16:43:33.920671, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.920730, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat, file_id = 801:1ccfc3:0 gen_id = 630 has kernel oplock state of 1. [2011/10/11 16:43:33.920808, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C3CF [2011/10/11 16:43:33.920858, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.920900, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:34 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.920964, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xca03, type= 0x3, gen_id = 630, uid = 0, flags = 0, file_id 801:1ccfc3:0, name_hash = 0xbf4501d9 [2011/10/11 16:43:33.921014, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbf4501d9 [2011/10/11 16:43:33.921059, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C3CF [2011/10/11 16:43:33.921113, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat = 0 [2011/10/11 16:43:33.921159, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat [2011/10/11 16:43:33.921207, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat (numopen=155) NT_STATUS_OK [2011/10/11 16:43:33.921253, 5] smbd/files.c:464(file_free) freed files structure 18069 (266 used) [2011/10/11 16:43:33.921299, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.921324, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56644 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.921561, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.921848, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.921899, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.921942, 3] smbd/process.c:1661(process_smb) Transaction 7866 of length 45 (0 toread) [2011/10/11 16:43:33.921983, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.922008, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56708 smt_wct=3 smb_vwv[ 0]=18070 (0x4696) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.922269, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.922296, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.922341, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.922384, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.922848, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.922977, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.923035, 3] smbd/reply.c:4850(reply_close) close fd=31 fnum=18070 (numopen=155) [2011/10/11 16:43:33.923078, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.923137, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat, file_id = 801:1ccfc2:0 gen_id = 631 has kernel oplock state of 1. 
[2011/10/11 16:43:33.923198, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C2CF [2011/10/11 16:43:33.923247, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.923289, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:34 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.923353, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xcc44, type= 0x3, gen_id = 631, uid = 0, flags = 0, file_id 801:1ccfc2:0, name_hash = 0xe5a2fbd9 [2011/10/11 16:43:33.923403, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe5a2fbd9 [2011/10/11 16:43:33.923448, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C2CF [2011/10/11 16:43:33.923503, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat = 0 [2011/10/11 16:43:33.923548, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat [2011/10/11 16:43:33.923596, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat (numopen=154) NT_STATUS_OK [2011/10/11 16:43:33.923642, 5] smbd/files.c:464(file_free) freed files structure 18070 (265 used) [2011/10/11 16:43:33.923690, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.923715, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56708 
smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.923929, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.924206, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.924255, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.924297, 3] smbd/process.c:1661(process_smb) Transaction 7867 of length 45 (0 toread) [2011/10/11 16:43:33.924339, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.924363, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56772 smt_wct=3 smb_vwv[ 0]=18071 (0x4697) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.924624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.924651, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.924696, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.924756, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.925203, 5] auth/token_util.c:527(debug_unix_user_token) UNIX 
token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.925333, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.925410, 3] smbd/reply.c:4850(reply_close) close fd=32 fnum=18071 (numopen=154) [2011/10/11 16:43:33.925454, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.925512, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat, file_id = 801:1ccfc1:0 gen_id = 632 has kernel oplock state of 1. [2011/10/11 16:43:33.925573, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C1CF [2011/10/11 16:43:33.925621, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.925664, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:59 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.925728, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd999, type= 0x3, gen_id = 632, uid = 0, flags = 0, file_id 801:1ccfc1:0, name_hash = 0x1647f3c7 [2011/10/11 16:43:33.925777, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1647f3c7 [2011/10/11 16:43:33.925822, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C1CF [2011/10/11 16:43:33.925877, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat = 0 [2011/10/11 16:43:33.925923, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat [2011/10/11 16:43:33.925970, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat (numopen=153) NT_STATUS_OK [2011/10/11 16:43:33.926016, 5] smbd/files.c:464(file_free) freed files structure 18071 (264 used) [2011/10/11 16:43:33.926063, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.926088, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56772 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.926302, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.926583, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.926652, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.926694, 3] smbd/process.c:1661(process_smb) Transaction 7868 of length 45 (0 toread) [2011/10/11 16:43:33.926736, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.926761, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56836 smt_wct=3 smb_vwv[ 0]=18072 (0x4698) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.927024, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.927051, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.927096, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.927140, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.927587, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.927717, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.927774, 3] smbd/reply.c:4850(reply_close) close fd=124 fnum=18072 (numopen=153) [2011/10/11 16:43:33.927817, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.927876, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat, file_id = 801:1ccfc0:0 gen_id = 633 has kernel oplock state of 1. 
[2011/10/11 16:43:33.927937, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C0CF [2011/10/11 16:43:33.927985, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.928028, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:44 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.928092, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd9da, type= 0x3, gen_id = 633, uid = 0, flags = 0, file_id 801:1ccfc0:0, name_hash = 0x1af76171 [2011/10/11 16:43:33.928142, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1af76171 [2011/10/11 16:43:33.928188, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C0CF [2011/10/11 16:43:33.928243, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat = 0 [2011/10/11 16:43:33.928289, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat [2011/10/11 16:43:33.928352, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat (numopen=152) NT_STATUS_OK [2011/10/11 16:43:33.928398, 5] smbd/files.c:464(file_free) freed files structure 18072 (263 used) [2011/10/11 16:43:33.928444, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.928470, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56836 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.928685, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.928967, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.929017, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.929059, 3] smbd/process.c:1661(process_smb) Transaction 7869 of length 45 (0 toread) [2011/10/11 16:43:33.929101, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.929125, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56900 smt_wct=3 smb_vwv[ 0]=18073 (0x4699) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.929409, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.929437, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.929482, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.929526, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.929975, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.930105, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.930162, 3] smbd/reply.c:4850(reply_close) close fd=125 fnum=18073 (numopen=152) [2011/10/11 16:43:33.930205, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.930264, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat, file_id = 801:1ccfbf:0 gen_id = 634 has kernel oplock state of 1. [2011/10/11 16:43:33.930326, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BFCF [2011/10/11 16:43:33.930374, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.930416, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:44 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.930497, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xda28, type= 0x3, gen_id = 634, uid = 0, flags = 0, file_id 801:1ccfbf:0, name_hash = 0xe375b870 [2011/10/11 16:43:33.930548, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe375b870 [2011/10/11 16:43:33.930593, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BFCF [2011/10/11 16:43:33.930647, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat = 0 [2011/10/11 16:43:33.930693, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat [2011/10/11 16:43:33.930741, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat (numopen=151) NT_STATUS_OK [2011/10/11 16:43:33.930786, 5] smbd/files.c:464(file_free) freed files structure 18073 (262 used) [2011/10/11 16:43:33.930832, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.930857, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56900 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.931071, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.931355, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.931405, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.931447, 3] smbd/process.c:1661(process_smb) Transaction 7870 of length 45 (0 toread) [2011/10/11 16:43:33.931489, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.931514, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56964 smt_wct=3 smb_vwv[ 0]=18074 (0x469A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.931776, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.931803, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.931849, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.931893, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.932339, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.932469, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.932544, 3] smbd/reply.c:4850(reply_close) close fd=126 fnum=18074 (numopen=151) [2011/10/11 16:43:33.932587, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.932647, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat, file_id = 801:1ccfbe:0 gen_id = 635 has kernel oplock state of 1. 
[2011/10/11 16:43:33.932707, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BECF [2011/10/11 16:43:33.932759, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.932801, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.932866, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xda57, type= 0x3, gen_id = 635, uid = 0, flags = 0, file_id 801:1ccfbe:0, name_hash = 0x972e238 [2011/10/11 16:43:33.932916, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x972e238 [2011/10/11 16:43:33.932964, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BECF [2011/10/11 16:43:33.933019, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat = 0 [2011/10/11 16:43:33.933065, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat [2011/10/11 16:43:33.933112, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat (numopen=150) NT_STATUS_OK [2011/10/11 16:43:33.933158, 5] smbd/files.c:464(file_free) freed files structure 18074 (261 used) [2011/10/11 16:43:33.933203, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.933228, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56964 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.933463, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.933748, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.933799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.933841, 3] smbd/process.c:1661(process_smb) Transaction 7871 of length 45 (0 toread) [2011/10/11 16:43:33.933882, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.933907, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57028 smt_wct=3 smb_vwv[ 0]=18075 (0x469B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.934167, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.934194, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.934239, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.934283, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.934748, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.934877, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.934936, 3] smbd/reply.c:4850(reply_close) close fd=127 fnum=18075 (numopen=150) [2011/10/11 16:43:33.934980, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.935040, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat, file_id = 801:1ccfbd:0 gen_id = 636 has kernel oplock state of 1. [2011/10/11 16:43:33.935101, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BDCF [2011/10/11 16:43:33.935149, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.935190, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:32 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.935255, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xda98, type= 0x3, gen_id = 636, uid = 0, flags = 0, file_id 801:1ccfbd:0, name_hash = 0xe8419948 [2011/10/11 16:43:33.935305, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe8419948 [2011/10/11 16:43:33.935350, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BDCF [2011/10/11 16:43:33.935404, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat = 0 [2011/10/11 16:43:33.935449, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat [2011/10/11 16:43:33.935498, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat (numopen=149) NT_STATUS_OK [2011/10/11 16:43:33.935544, 5] smbd/files.c:464(file_free) freed files structure 18075 (260 used) [2011/10/11 16:43:33.935590, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.935615, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57028 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.935827, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.936107, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.936156, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.936198, 3] smbd/process.c:1661(process_smb) Transaction 7872 of length 45 (0 toread) [2011/10/11 16:43:33.936239, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.936264, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57092 smt_wct=3 smb_vwv[ 0]=18076 (0x469C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.936547, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.936573, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.936618, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.936661, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.937105, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.937234, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.937289, 3] smbd/reply.c:4850(reply_close) close fd=128 fnum=18076 (numopen=149) [2011/10/11 16:43:33.937332, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.937412, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat, file_id = 801:1ccfbc:0 gen_id = 637 has kernel oplock state of 1. 
[2011/10/11 16:43:33.937473, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BCCF [2011/10/11 16:43:33.937521, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.937563, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.937627, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xdac3, type= 0x3, gen_id = 637, uid = 0, flags = 0, file_id 801:1ccfbc:0, name_hash = 0xc1820ae0 [2011/10/11 16:43:33.937676, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc1820ae0 [2011/10/11 16:43:33.937721, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BCCF [2011/10/11 16:43:33.937774, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat = 0 [2011/10/11 16:43:33.937820, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat [2011/10/11 16:43:33.937867, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat (numopen=148) NT_STATUS_OK [2011/10/11 16:43:33.937912, 5] smbd/files.c:464(file_free) freed files structure 18076 (259 used) [2011/10/11 16:43:33.937958, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.937998, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57092 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.938213, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.938497, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.938548, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.938590, 3] smbd/process.c:1661(process_smb) Transaction 7873 of length 45 (0 toread) [2011/10/11 16:43:33.938632, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.938657, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57156 smt_wct=3 smb_vwv[ 0]=18077 (0x469D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.938919, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.938946, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.938992, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.939035, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.939483, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.939613, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.939669, 3] smbd/reply.c:4850(reply_close) close fd=129 fnum=18077 (numopen=148) [2011/10/11 16:43:33.939712, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.939771, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat, file_id = 801:1ccfbb:0 gen_id = 638 has kernel oplock state of 1. [2011/10/11 16:43:33.939832, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BBCF [2011/10/11 16:43:33.939880, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.939922, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.939986, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xdd0c, type= 0x3, gen_id = 638, uid = 0, flags = 0, file_id 801:1ccfbb:0, name_hash = 0x8930f656 [2011/10/11 16:43:33.940035, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8930f656 [2011/10/11 16:43:33.940080, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BBCF [2011/10/11 16:43:33.940154, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat = 0 [2011/10/11 16:43:33.940201, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for 
file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat [2011/10/11 16:43:33.940249, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat (numopen=147) NT_STATUS_OK [2011/10/11 16:43:33.940295, 5] smbd/files.c:464(file_free) freed files structure 18077 (258 used) [2011/10/11 16:43:33.940343, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.940368, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57156 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.940584, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.940864, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.940913, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.940955, 3] smbd/process.c:1661(process_smb) Transaction 7874 of length 45 (0 toread) [2011/10/11 16:43:33.940997, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.941022, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57220 smt_wct=3 smb_vwv[ 0]=18078 (0x469E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.941285, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.941312, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.941358, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.941424, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.941872, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.942002, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.942058, 3] smbd/reply.c:4850(reply_close) close fd=130 fnum=18078 (numopen=147) [2011/10/11 16:43:33.942101, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.942159, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat, file_id = 801:1ccfba:0 gen_id = 639 has kernel oplock state of 1. 
[2011/10/11 16:43:33.942238, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BACF [2011/10/11 16:43:33.942288, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.942330, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.942395, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xead9, type= 0x3, gen_id = 639, uid = 0, flags = 0, file_id 801:1ccfba:0, name_hash = 0x7753fb05 [2011/10/11 16:43:33.942445, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7753fb05 [2011/10/11 16:43:33.942490, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BACF [2011/10/11 16:43:33.942545, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat = 0 [2011/10/11 16:43:33.942591, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat [2011/10/11 16:43:33.942639, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat (numopen=146) NT_STATUS_OK [2011/10/11 16:43:33.942685, 5] smbd/files.c:464(file_free) freed files structure 18078 (257 used) [2011/10/11 16:43:33.942732, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.942757, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57220 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.942973, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.943257, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.943308, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.943351, 3] smbd/process.c:1661(process_smb) Transaction 7875 of length 45 (0 toread) [2011/10/11 16:43:33.943393, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.943418, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57284 smt_wct=3 smb_vwv[ 0]=18079 (0x469F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.943682, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.943709, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.943755, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.943799, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.944267, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.944398, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.944455, 3] smbd/reply.c:4850(reply_close) close fd=131 fnum=18079 (numopen=146) [2011/10/11 16:43:33.944499, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.944558, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat, file_id = 801:1ccfb9:0 gen_id = 640 has kernel oplock state of 1. [2011/10/11 16:43:33.944619, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B9CF [2011/10/11 16:43:33.944667, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.944709, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.944773, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeb1a, type= 0x3, gen_id = 640, uid = 0, flags = 0, file_id 801:1ccfb9:0, name_hash = 0x1dc28607 [2011/10/11 16:43:33.944822, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1dc28607 [2011/10/11 16:43:33.944869, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B9CF [2011/10/11 16:43:33.944924, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat = 0 [2011/10/11 16:43:33.944970, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat [2011/10/11 16:43:33.945017, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat (numopen=145) NT_STATUS_OK [2011/10/11 16:43:33.945063, 5] smbd/files.c:464(file_free) freed files structure 18079 (256 used) [2011/10/11 16:43:33.945109, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.945134, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57284 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.945350, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.945654, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.945705, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.945747, 3] smbd/process.c:1661(process_smb) Transaction 7876 of length 45 (0 toread) [2011/10/11 16:43:33.945788, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.945813, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57348 smt_wct=3 smb_vwv[ 0]=18080 (0x46A0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.946074, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.946101, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.946146, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.946190, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 
2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.946659, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.946789, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.946846, 3] smbd/reply.c:4850(reply_close) close fd=132 fnum=18080 (numopen=145) [2011/10/11 16:43:33.946889, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.946950, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat, file_id = 801:1ccfb8:0 gen_id = 641 has kernel oplock state of 1. 
[2011/10/11 16:43:33.947010, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B8CF [2011/10/11 16:43:33.947059, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.947101, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.947166, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeb68, type= 0x3, gen_id = 641, uid = 0, flags = 0, file_id 801:1ccfb8:0, name_hash = 0x1e19a9f7 [2011/10/11 16:43:33.947216, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1e19a9f7 [2011/10/11 16:43:33.947261, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B8CF [2011/10/11 16:43:33.947316, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat = 0 [2011/10/11 16:43:33.947363, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat [2011/10/11 16:43:33.947411, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat (numopen=144) NT_STATUS_OK [2011/10/11 16:43:33.947457, 5] smbd/files.c:464(file_free) freed files structure 18080 (255 used) [2011/10/11 16:43:33.947504, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.947529, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57348 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.947744, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.948023, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.948072, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.948131, 3] smbd/process.c:1661(process_smb) Transaction 7877 of length 45 (0 toread) [2011/10/11 16:43:33.948173, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.948198, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57412 smt_wct=3 smb_vwv[ 0]=18081 (0x46A1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.948461, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.948488, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.948533, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.948577, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.949024, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.949153, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.949210, 3] smbd/reply.c:4850(reply_close) close fd=133 fnum=18081 (numopen=144) [2011/10/11 16:43:33.949254, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.949312, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat, file_id = 801:1ccfb7:0 gen_id = 642 has kernel oplock state of 1. [2011/10/11 16:43:33.949397, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B7CF [2011/10/11 16:43:33.949473, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.949515, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.949579, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeb97, type= 0x3, gen_id = 642, uid = 0, flags = 0, file_id 801:1ccfb7:0, name_hash = 0x43184b9d [2011/10/11 16:43:33.949630, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x43184b9d [2011/10/11 16:43:33.949674, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B7CF [2011/10/11 16:43:33.949729, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat = 0 [2011/10/11 16:43:33.949775, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat [2011/10/11 16:43:33.949839, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat (numopen=143) NT_STATUS_OK [2011/10/11 16:43:33.949885, 5] smbd/files.c:464(file_free) freed files structure 18081 (254 used) [2011/10/11 16:43:33.949932, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.949958, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57412 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.950173, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.950460, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.950511, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.950554, 3] smbd/process.c:1661(process_smb) Transaction 7878 of length 45 (0 toread) [2011/10/11 16:43:33.950596, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.950621, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57476 smt_wct=3 smb_vwv[ 0]=18082 (0x46A2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.950883, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.950910, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.950956, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.951000, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.951448, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.951577, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.951636, 3] smbd/reply.c:4850(reply_close) close fd=134 fnum=18082 (numopen=143) [2011/10/11 16:43:33.951679, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.951740, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat, file_id = 801:1ccfb6:0 gen_id = 643 has kernel oplock state of 1. 
[2011/10/11 16:43:33.951800, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B6CF [2011/10/11 16:43:33.951849, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.951892, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.951956, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xebd8, type= 0x3, gen_id = 643, uid = 0, flags = 0, file_id 801:1ccfb6:0, name_hash = 0xc6919778 [2011/10/11 16:43:33.952024, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc6919778 [2011/10/11 16:43:33.952073, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B6CF [2011/10/11 16:43:33.952128, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat = 0 [2011/10/11 16:43:33.952174, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat [2011/10/11 16:43:33.952222, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat (numopen=142) NT_STATUS_OK [2011/10/11 16:43:33.952268, 5] smbd/files.c:464(file_free) freed files structure 18082 (253 used) [2011/10/11 16:43:33.952315, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.952340, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57476 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.952555, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.952836, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.953184, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.953260, 3] smbd/process.c:1661(process_smb) Transaction 7879 of length 45 (0 toread) [2011/10/11 16:43:33.953303, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.953328, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57540 smt_wct=3 smb_vwv[ 0]=18083 (0x46A3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.953620, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.953651, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.953701, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.953746, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.954201, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.954337, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.954412, 3] smbd/reply.c:4850(reply_close) close fd=135 fnum=18083 (numopen=142) [2011/10/11 16:43:33.954482, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.954550, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat, file_id = 801:1ccfb5:0 gen_id = 644 has kernel oplock state of 1. [2011/10/11 16:43:33.954617, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B5CF [2011/10/11 16:43:33.954671, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.954713, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:20:30 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.954780, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xec26, type= 0x3, gen_id = 644, uid = 0, flags = 0, file_id 801:1ccfb5:0, name_hash = 0x699afa9e [2011/10/11 16:43:33.954833, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x699afa9e [2011/10/11 16:43:33.954880, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B5CF [2011/10/11 16:43:33.954935, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat = 0 [2011/10/11 16:43:33.954982, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat [2011/10/11 16:43:33.955032, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat (numopen=141) NT_STATUS_OK [2011/10/11 16:43:33.955078, 5] smbd/files.c:464(file_free) freed files structure 18083 (252 used) [2011/10/11 16:43:33.955127, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.955152, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57540 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.955367, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.955675, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.955728, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.955770, 3] smbd/process.c:1661(process_smb) Transaction 7880 of length 45 (0 toread) [2011/10/11 16:43:33.955812, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.955837, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57604 smt_wct=3 smb_vwv[ 0]=18084 (0x46A4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.956096, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.956124, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.956169, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.956214, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 
3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.956680, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.956811, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.956872, 3] smbd/reply.c:4850(reply_close) close fd=136 fnum=18084 (numopen=141) [2011/10/11 16:43:33.956915, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.956976, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat, file_id = 801:1ccfb4:0 gen_id = 645 has kernel oplock state of 1. 
[2011/10/11 16:43:33.957037, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B4CF [2011/10/11 16:43:33.957087, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.957129, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.957193, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xee0c, type= 0x3, gen_id = 645, uid = 0, flags = 0, file_id 801:1ccfb4:0, name_hash = 0xf04a1dba [2011/10/11 16:43:33.957243, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf04a1dba [2011/10/11 16:43:33.957289, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B4CF [2011/10/11 16:43:33.957344, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat = 0 [2011/10/11 16:43:33.957414, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat [2011/10/11 16:43:33.957462, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat (numopen=140) NT_STATUS_OK [2011/10/11 16:43:33.957508, 5] smbd/files.c:464(file_free) freed files structure 18084 (251 used) [2011/10/11 16:43:33.957556, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.957581, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57604 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.957796, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.958086, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.958136, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.958178, 3] smbd/process.c:1661(process_smb) Transaction 7881 of length 45 (0 toread) [2011/10/11 16:43:33.958220, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.958245, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57668 smt_wct=3 smb_vwv[ 0]=18085 (0x46A5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.958524, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.958552, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.958597, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.958642, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.959089, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.959220, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.959277, 3] smbd/reply.c:4850(reply_close) close fd=137 fnum=18085 (numopen=140) [2011/10/11 16:43:33.959320, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.959380, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat, file_id = 801:1ccfb3:0 gen_id = 646 has kernel oplock state of 1. [2011/10/11 16:43:33.959440, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B3CF [2011/10/11 16:43:33.959489, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.959531, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.959595, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfb59, type= 0x3, gen_id = 646, uid = 0, flags = 0, file_id 801:1ccfb3:0, name_hash = 0x54a4a536 [2011/10/11 16:43:33.959644, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x54a4a536 [2011/10/11 16:43:33.959689, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B3CF [2011/10/11 16:43:33.959744, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat = 0 [2011/10/11 16:43:33.959790, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat [2011/10/11 16:43:33.959837, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat (numopen=139) NT_STATUS_OK [2011/10/11 16:43:33.959883, 5] smbd/files.c:464(file_free) freed files structure 18085 (250 used) [2011/10/11 16:43:33.959929, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.959954, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57668 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.960184, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.960462, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.960511, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.960553, 3] smbd/process.c:1661(process_smb) Transaction 7882 of length 45 (0 toread) [2011/10/11 16:43:33.960595, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.960620, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57732 smt_wct=3 smb_vwv[ 0]=18086 (0x46A6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.960880, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.960907, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.960952, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.960996, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 
2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.961461, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.961590, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.961646, 3] smbd/reply.c:4850(reply_close) close fd=138 fnum=18086 (numopen=139) [2011/10/11 16:43:33.961689, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.961748, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat, file_id = 801:1ccfb2:0 gen_id = 647 has kernel oplock state of 1. 
[2011/10/11 16:43:33.961808, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B2CF [2011/10/11 16:43:33.961856, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.961898, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.961962, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfb9a, type= 0x3, gen_id = 647, uid = 0, flags = 0, file_id 801:1ccfb2:0, name_hash = 0x3d123502 [2011/10/11 16:43:33.962012, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d123502 [2011/10/11 16:43:33.962057, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B2CF [2011/10/11 16:43:33.962128, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat = 0 [2011/10/11 16:43:33.962175, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat [2011/10/11 16:43:33.962222, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat (numopen=138) NT_STATUS_OK [2011/10/11 16:43:33.962267, 5] smbd/files.c:464(file_free) freed files structure 18086 (249 used) [2011/10/11 16:43:33.962313, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.962338, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57732 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.962552, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.962836, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.962886, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.962928, 3] smbd/process.c:1661(process_smb) Transaction 7883 of length 45 (0 toread) [2011/10/11 16:43:33.962970, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.962995, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57796 smt_wct=3 smb_vwv[ 0]=18087 (0x46A7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.963255, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.963282, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.963327, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.963371, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.963817, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.963946, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.964004, 3] smbd/reply.c:4850(reply_close) close fd=139 fnum=18087 (numopen=138) [2011/10/11 16:43:33.964047, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.964106, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat, file_id = 801:1ccfb1:0 gen_id = 648 has kernel oplock state of 1. [2011/10/11 16:43:33.964167, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B1CF [2011/10/11 16:43:33.964233, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.964276, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.964339, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfbd7, type= 0x3, gen_id = 648, uid = 0, flags = 0, file_id 801:1ccfb1:0, name_hash = 0xb703fc97 [2011/10/11 16:43:33.964389, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb703fc97 [2011/10/11 16:43:33.964434, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B1CF [2011/10/11 16:43:33.964488, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat = 0 [2011/10/11 16:43:33.964534, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat [2011/10/11 16:43:33.964581, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat (numopen=137) NT_STATUS_OK [2011/10/11 16:43:33.964626, 5] smbd/files.c:464(file_free) freed files structure 18087 (248 used) [2011/10/11 16:43:33.964672, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.964697, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57796 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.964911, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.965183, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.965232, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.965274, 3] smbd/process.c:1661(process_smb) Transaction 7884 of length 45 (0 toread) [2011/10/11 16:43:33.965316, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.965340, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57860 smt_wct=3 smb_vwv[ 0]=18088 (0x46A8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.965621, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.965648, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.965693, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.965736, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.966181, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.966327, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.966386, 3] smbd/reply.c:4850(reply_close) close fd=140 fnum=18088 (numopen=137) [2011/10/11 16:43:33.966428, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.966487, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat, file_id = 801:1ccfb0:0 gen_id = 649 has kernel oplock state of 1. 
[2011/10/11 16:43:33.966548, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B0CF [2011/10/11 16:43:33.966596, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.966638, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:06 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.966702, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfc1b, type= 0x3, gen_id = 649, uid = 0, flags = 0, file_id 801:1ccfb0:0, name_hash = 0xede4e915 [2011/10/11 16:43:33.966751, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xede4e915 [2011/10/11 16:43:33.966796, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B0CF [2011/10/11 16:43:33.966851, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat = 0 [2011/10/11 16:43:33.966897, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat [2011/10/11 16:43:33.966944, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat (numopen=136) NT_STATUS_OK [2011/10/11 16:43:33.966990, 5] smbd/files.c:464(file_free) freed files structure 18088 (247 used) [2011/10/11 16:43:33.967036, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.967061, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=57860 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.967277, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.967558, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.967609, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.967651, 3] smbd/process.c:1661(process_smb) Transaction 7885 of length 45 (0 toread) [2011/10/11 16:43:33.967693, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.967718, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57924 smt_wct=3 smb_vwv[ 0]=18089 (0x46A9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.967979, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.968007, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.968052, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.968095, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.968561, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.968691, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.968748, 3] smbd/reply.c:4850(reply_close) close fd=141 fnum=18089 (numopen=136) [2011/10/11 16:43:33.968791, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.968851, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat, file_id = 801:1ccfaf:0 gen_id = 650 has kernel oplock state of 1. [2011/10/11 16:43:33.968911, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AFCF [2011/10/11 16:43:33.968960, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.969001, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:06 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.969066, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfc66, type= 0x3, gen_id = 650, uid = 0, flags = 0, file_id 801:1ccfaf:0, name_hash = 0xd9e1ced7 [2011/10/11 16:43:33.969116, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd9e1ced7 [2011/10/11 16:43:33.969161, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AFCF [2011/10/11 16:43:33.969215, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat = 0 [2011/10/11 16:43:33.969261, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat [2011/10/11 16:43:33.969309, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat (numopen=135) NT_STATUS_OK [2011/10/11 16:43:33.969354, 5] smbd/files.c:464(file_free) freed files structure 18089 (246 used) [2011/10/11 16:43:33.969423, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.969448, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57924 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.969663, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.969947, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.969998, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.970058, 3] smbd/process.c:1661(process_smb) Transaction 7886 of length 45 (0 toread) [2011/10/11 16:43:33.970100, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.970125, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57988 smt_wct=3 smb_vwv[ 0]=18090 (0x46AA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.970385, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.970413, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.970458, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.970502, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.970948, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.971077, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.971133, 3] smbd/reply.c:4850(reply_close) close fd=142 fnum=18090 (numopen=135) [2011/10/11 16:43:33.971175, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.971234, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat, file_id = 801:1ccfae:0 gen_id = 651 has kernel oplock state of 1. 
[2011/10/11 16:43:33.971296, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AECF [2011/10/11 16:43:33.971345, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.971387, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.971450, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfca7, type= 0x3, gen_id = 651, uid = 0, flags = 0, file_id 801:1ccfae:0, name_hash = 0x31f4c8b7 [2011/10/11 16:43:33.971500, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x31f4c8b7 [2011/10/11 16:43:33.971545, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AECF [2011/10/11 16:43:33.971599, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat = 0 [2011/10/11 16:43:33.971645, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat [2011/10/11 16:43:33.971707, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat (numopen=134) NT_STATUS_OK [2011/10/11 16:43:33.971753, 5] smbd/files.c:464(file_free) freed files structure 18090 (245 used) [2011/10/11 16:43:33.971800, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.971825, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=57988 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.972038, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.972316, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.972365, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.972407, 3] smbd/process.c:1661(process_smb) Transaction 7887 of length 45 (0 toread) [2011/10/11 16:43:33.972449, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.972473, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58052 smt_wct=3 smb_vwv[ 0]=18091 (0x46AB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.972732, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.972759, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.972804, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.972847, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.973291, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.973441, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.973496, 3] smbd/reply.c:4850(reply_close) close fd=143 fnum=18091 (numopen=134) [2011/10/11 16:43:33.973538, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.973596, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat, file_id = 801:1ccfad:0 gen_id = 652 has kernel oplock state of 1. [2011/10/11 16:43:33.973656, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000ADCF [2011/10/11 16:43:33.973708, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.973750, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:27 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.973830, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfe8c, type= 0x3, gen_id = 652, uid = 0, flags = 0, file_id 801:1ccfad:0, name_hash = 0xde137218 [2011/10/11 16:43:33.973880, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xde137218 [2011/10/11 16:43:33.973928, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000ADCF [2011/10/11 16:43:33.973983, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat = 0 [2011/10/11 16:43:33.974028, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat [2011/10/11 16:43:33.974076, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat (numopen=133) NT_STATUS_OK [2011/10/11 16:43:33.974121, 5] smbd/files.c:464(file_free) freed files structure 18091 (244 used) [2011/10/11 16:43:33.974168, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.974193, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58052 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.974407, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.974690, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.974740, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.974783, 3] smbd/process.c:1661(process_smb) Transaction 7888 of length 45 (0 toread) [2011/10/11 16:43:33.974824, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.974849, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58116 smt_wct=3 smb_vwv[ 0]=18092 (0x46AC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.975110, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.975137, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.975183, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.975226, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.975670, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.975799, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.975872, 3] smbd/reply.c:4850(reply_close) close fd=144 fnum=18092 (numopen=133) [2011/10/11 16:43:33.975916, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.975975, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat, file_id = 801:1ccfac:0 gen_id = 653 has kernel oplock state of 1. 
[2011/10/11 16:43:33.976037, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000ACCF [2011/10/11 16:43:33.976085, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.976128, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.976191, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb99, type= 0x3, gen_id = 653, uid = 0, flags = 0, file_id 801:1ccfac:0, name_hash = 0xfd175e84 [2011/10/11 16:43:33.976242, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfd175e84 [2011/10/11 16:43:33.976286, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000ACCF [2011/10/11 16:43:33.976341, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat = 0 [2011/10/11 16:43:33.976387, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat [2011/10/11 16:43:33.976435, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat (numopen=132) NT_STATUS_OK [2011/10/11 16:43:33.976481, 5] smbd/files.c:464(file_free) freed files structure 18092 (243 used) [2011/10/11 16:43:33.976527, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.976552, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58116 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.976768, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.977045, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.977095, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.977137, 3] smbd/process.c:1661(process_smb) Transaction 7889 of length 45 (0 toread) [2011/10/11 16:43:33.977178, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.977203, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58180 smt_wct=3 smb_vwv[ 0]=18093 (0x46AD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.977487, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.977515, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.977560, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.977604, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.978069, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.978198, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.978255, 3] smbd/reply.c:4850(reply_close) close fd=145 fnum=18093 (numopen=132) [2011/10/11 16:43:33.978299, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.978357, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat, file_id = 801:1ccfab:0 gen_id = 654 has kernel oplock state of 1. [2011/10/11 16:43:33.978418, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000ABCF [2011/10/11 16:43:33.978470, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.978512, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:22 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.978576, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xbd7, type= 0x3, gen_id = 654, uid = 0, flags = 0, file_id 801:1ccfab:0, name_hash = 0x3717474e [2011/10/11 16:43:33.978626, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3717474e [2011/10/11 16:43:33.978673, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000ABCF [2011/10/11 16:43:33.978728, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat = 0 [2011/10/11 16:43:33.978774, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat [2011/10/11 16:43:33.978822, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat (numopen=131) NT_STATUS_OK [2011/10/11 16:43:33.978868, 5] smbd/files.c:464(file_free) freed files structure 18093 (242 used) [2011/10/11 16:43:33.978915, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.978940, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58180 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.979156, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.979439, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.979491, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.979533, 3] smbd/process.c:1661(process_smb) Transaction 7890 of length 45 (0 toread) [2011/10/11 16:43:33.979575, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.979600, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58244 smt_wct=3 smb_vwv[ 0]=18094 (0x46AE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.979881, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.979908, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.979954, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.979998, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.980445, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.980574, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.980631, 3] smbd/reply.c:4850(reply_close) close fd=146 fnum=18094 (numopen=131) [2011/10/11 16:43:33.980674, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.980733, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat, file_id = 801:1ccfaa:0 gen_id = 655 has kernel oplock state of 1. 
[2011/10/11 16:43:33.980794, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AACF [2011/10/11 16:43:33.980843, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.980886, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.980949, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc1a, type= 0x3, gen_id = 655, uid = 0, flags = 0, file_id 801:1ccfaa:0, name_hash = 0x663176af [2011/10/11 16:43:33.980999, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x663176af [2011/10/11 16:43:33.981044, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AACF [2011/10/11 16:43:33.981099, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat = 0 [2011/10/11 16:43:33.981144, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat [2011/10/11 16:43:33.981192, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat (numopen=130) NT_STATUS_OK [2011/10/11 16:43:33.981238, 5] smbd/files.c:464(file_free) freed files structure 18094 (241 used) [2011/10/11 16:43:33.981298, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.981324, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58244 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.981558, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.981839, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.981890, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.981932, 3] smbd/process.c:1661(process_smb) Transaction 7891 of length 45 (0 toread) [2011/10/11 16:43:33.981974, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.981999, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58308 smt_wct=3 smb_vwv[ 0]=18095 (0x46AF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.982259, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.982286, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.982332, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.982376, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.982821, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.982949, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.983004, 3] smbd/reply.c:4850(reply_close) close fd=147 fnum=18095 (numopen=130) [2011/10/11 16:43:33.983047, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.983106, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat, file_id = 801:1ccfa9:0 gen_id = 656 has kernel oplock state of 1. [2011/10/11 16:43:33.983166, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A9CF [2011/10/11 16:43:33.983215, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.983257, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.983321, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc5b, type= 0x3, gen_id = 656, uid = 0, flags = 0, file_id 801:1ccfa9:0, name_hash = 0xf9fca62b [2011/10/11 16:43:33.983371, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf9fca62b [2011/10/11 16:43:33.983433, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A9CF [2011/10/11 16:43:33.983489, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat = 0 [2011/10/11 16:43:33.983535, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat [2011/10/11 16:43:33.983583, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat (numopen=129) NT_STATUS_OK [2011/10/11 16:43:33.983628, 5] smbd/files.c:464(file_free) freed files structure 18095 (240 used) [2011/10/11 16:43:33.983675, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.983700, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58308 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.983913, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.984191, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.984241, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.984282, 3] smbd/process.c:1661(process_smb) Transaction 7892 of length 45 (0 toread) [2011/10/11 16:43:33.984324, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.984349, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58372 smt_wct=3 smb_vwv[ 0]=18096 (0x46B0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.984608, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.984634, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.984679, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.984723, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 
1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.985166, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.985294, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.985348, 3] smbd/reply.c:4850(reply_close) close fd=148 fnum=18096 (numopen=129) [2011/10/11 16:43:33.985413, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.985471, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat, file_id = 801:1ccfa8:0 gen_id = 657 has kernel oplock state of 1. 
[2011/10/11 16:43:33.985548, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A8CF [2011/10/11 16:43:33.985596, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.985639, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:21 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.985702, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc98, type= 0x3, gen_id = 657, uid = 0, flags = 0, file_id 801:1ccfa8:0, name_hash = 0x4d40983a [2011/10/11 16:43:33.985751, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4d40983a [2011/10/11 16:43:33.985796, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A8CF [2011/10/11 16:43:33.985851, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat = 0 [2011/10/11 16:43:33.985896, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat [2011/10/11 16:43:33.985944, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat (numopen=128) NT_STATUS_OK [2011/10/11 16:43:33.985989, 5] smbd/files.c:464(file_free) freed files structure 18096 (239 used) [2011/10/11 16:43:33.986035, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.986060, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58372 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.986273, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.986581, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.986631, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.986672, 3] smbd/process.c:1661(process_smb) Transaction 7893 of length 45 (0 toread) [2011/10/11 16:43:33.986714, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.986739, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58436 smt_wct=3 smb_vwv[ 0]=18097 (0x46B1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.986998, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.987025, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.987070, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.987114, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.987574, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.987703, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.987759, 3] smbd/reply.c:4850(reply_close) close fd=149 fnum=18097 (numopen=128) [2011/10/11 16:43:33.987802, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.987861, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat, file_id = 801:1ccfa7:0 gen_id = 658 has kernel oplock state of 1. [2011/10/11 16:43:33.987921, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A7CF [2011/10/11 16:43:33.987969, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.988011, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.988075, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xce7, type= 0x3, gen_id = 658, uid = 0, flags = 0, file_id 801:1ccfa7:0, name_hash = 0x2777ad99 [2011/10/11 16:43:33.988125, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2777ad99 [2011/10/11 16:43:33.988172, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A7CF [2011/10/11 16:43:33.988227, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat = 0 [2011/10/11 16:43:33.988272, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat [2011/10/11 16:43:33.988320, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat (numopen=127) NT_STATUS_OK [2011/10/11 16:43:33.988366, 5] smbd/files.c:464(file_free) freed files structure 18097 (238 used) [2011/10/11 16:43:33.988412, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.988437, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58436 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.988653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.988934, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.988984, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.989026, 3] smbd/process.c:1661(process_smb) Transaction 7894 of length 45 (0 toread) [2011/10/11 16:43:33.989067, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.989092, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58500 smt_wct=3 smb_vwv[ 0]=18098 (0x46B2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.989354, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.989400, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.989447, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.989509, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 
1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.989955, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.990084, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.990140, 3] smbd/reply.c:4850(reply_close) close fd=150 fnum=18098 (numopen=127) [2011/10/11 16:43:33.990183, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.990242, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat, file_id = 801:1ccfa6:0 gen_id = 659 has kernel oplock state of 1. 
[2011/10/11 16:43:33.990302, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A6CF [2011/10/11 16:43:33.990350, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.990392, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:36 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.990456, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfc4, type= 0x3, gen_id = 659, uid = 0, flags = 0, file_id 801:1ccfa6:0, name_hash = 0x92eae451 [2011/10/11 16:43:33.990505, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x92eae451 [2011/10/11 16:43:33.990550, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A6CF [2011/10/11 16:43:33.990605, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat = 0 [2011/10/11 16:43:33.990650, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat [2011/10/11 16:43:33.990697, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat (numopen=126) NT_STATUS_OK [2011/10/11 16:43:33.990743, 5] smbd/files.c:464(file_free) freed files structure 18098 (237 used) [2011/10/11 16:43:33.990787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.990812, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58500 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.991026, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.991308, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.991375, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.991417, 3] smbd/process.c:1661(process_smb) Transaction 7895 of length 45 (0 toread) [2011/10/11 16:43:33.991459, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.991484, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58564 smt_wct=3 smb_vwv[ 0]=18099 (0x46B3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.991746, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.991773, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.991819, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.991862, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.992309, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.992438, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.992493, 3] smbd/reply.c:4850(reply_close) close fd=151 fnum=18099 (numopen=126) [2011/10/11 16:43:33.992536, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.992595, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat, file_id = 801:1ccfa5:0 gen_id = 660 has kernel oplock state of 1. [2011/10/11 16:43:33.992656, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A5CF [2011/10/11 16:43:33.992704, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.992746, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.992811, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1c59, type= 0x3, gen_id = 660, uid = 0, flags = 0, file_id 801:1ccfa5:0, name_hash = 0xbafbf63f [2011/10/11 16:43:33.992860, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbafbf63f [2011/10/11 16:43:33.992905, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A5CF [2011/10/11 16:43:33.992960, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat = 0 [2011/10/11 16:43:33.993005, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat [2011/10/11 16:43:33.993068, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat (numopen=125) NT_STATUS_OK [2011/10/11 16:43:33.993114, 5] smbd/files.c:464(file_free) freed files structure 18099 (236 used) [2011/10/11 16:43:33.993160, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.993186, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58564 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.993421, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.993702, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.993753, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.993795, 3] smbd/process.c:1661(process_smb) Transaction 7896 of length 45 (0 toread) [2011/10/11 16:43:33.993837, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.993861, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58628 smt_wct=3 smb_vwv[ 0]=18100 (0x46B4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.994122, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.994149, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.994194, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.994237, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.994683, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.994811, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.994866, 3] smbd/reply.c:4850(reply_close) close fd=152 fnum=18100 (numopen=125) [2011/10/11 16:43:33.994908, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.994967, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat, file_id = 801:1ccfa4:0 gen_id = 661 has kernel oplock state of 1. 
[2011/10/11 16:43:33.995028, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A4CF [2011/10/11 16:43:33.995080, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.995122, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.995204, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1c97, type= 0x3, gen_id = 661, uid = 0, flags = 0, file_id 801:1ccfa4:0, name_hash = 0x296b1293 [2011/10/11 16:43:33.995254, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x296b1293 [2011/10/11 16:43:33.995303, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A4CF [2011/10/11 16:43:33.995358, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat = 0 [2011/10/11 16:43:33.995404, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat [2011/10/11 16:43:33.995451, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat (numopen=124) NT_STATUS_OK [2011/10/11 16:43:33.995497, 5] smbd/files.c:464(file_free) freed files structure 18100 (235 used) [2011/10/11 16:43:33.995545, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.995570, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58628 
smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.995785, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.996070, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.996119, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.996161, 3] smbd/process.c:1661(process_smb) Transaction 7897 of length 45 (0 toread) [2011/10/11 16:43:33.996203, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.996228, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58692 smt_wct=3 smb_vwv[ 0]=18101 (0x46B5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.996489, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.996515, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.996560, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.996604, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.997050, 5] auth/token_util.c:527(debug_unix_user_token) UNIX 
token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.997179, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.997250, 3] smbd/reply.c:4850(reply_close) close fd=153 fnum=18101 (numopen=124) [2011/10/11 16:43:33.997293, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.997351, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat, file_id = 801:1ccfa3:0 gen_id = 662 has kernel oplock state of 1. [2011/10/11 16:43:33.997434, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A3CF [2011/10/11 16:43:33.997482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.997524, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.997587, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1cda, type= 0x3, gen_id = 662, uid = 0, flags = 0, file_id 801:1ccfa3:0, name_hash = 0xc61b58e9 [2011/10/11 16:43:33.997637, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc61b58e9 [2011/10/11 16:43:33.997682, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A3CF [2011/10/11 16:43:33.997738, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat = 0 [2011/10/11 16:43:33.997783, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat [2011/10/11 16:43:33.997831, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat (numopen=123) NT_STATUS_OK [2011/10/11 16:43:33.997876, 5] smbd/files.c:464(file_free) freed files structure 18101 (234 used) [2011/10/11 16:43:33.997922, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.997947, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58692 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.998160, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.998442, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.998493, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.998534, 3] smbd/process.c:1661(process_smb) Transaction 7898 of length 45 (0 toread) [2011/10/11 16:43:33.998576, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.998601, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58756 smt_wct=3 smb_vwv[ 0]=18102 (0x46B6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.998860, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.998887, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.998932, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.998976, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.999440, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.999570, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.999628, 3] smbd/reply.c:4850(reply_close) close fd=154 fnum=18102 (numopen=123) [2011/10/11 16:43:33.999670, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.999730, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat, file_id = 801:1ccfa2:0 gen_id = 663 has kernel oplock state of 1. 
[2011/10/11 16:43:33.999790, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A2CF [2011/10/11 16:43:33.999838, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.999881, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.999945, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1d1b, type= 0x3, gen_id = 663, uid = 0, flags = 0, file_id 801:1ccfa2:0, name_hash = 0xa7d1bbd6 [2011/10/11 16:43:33.999994, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa7d1bbd6 [2011/10/11 16:43:34.000039, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A2CF [2011/10/11 16:43:34.000094, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat = 0 [2011/10/11 16:43:34.000140, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat [2011/10/11 16:43:34.000187, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat (numopen=122) NT_STATUS_OK [2011/10/11 16:43:34.000232, 5] smbd/files.c:464(file_free) freed files structure 18102 (233 used) [2011/10/11 16:43:34.000278, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.000304, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58756 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:34.000520, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.000798, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.000847, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.000888, 3] smbd/process.c:1661(process_smb) Transaction 7899 of length 45 (0 toread) [2011/10/11 16:43:34.000930, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.000955, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58820 smt_wct=3 smb_vwv[ 0]=18103 (0x46B7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.001236, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.001263, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.001308, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.001352, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.001822, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.001953, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.002007, 3] smbd/reply.c:4850(reply_close) close fd=155 fnum=18103 (numopen=122) [2011/10/11 16:43:34.002050, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.002110, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat, file_id = 801:1ccfa1:0 gen_id = 664 has kernel oplock state of 1. [2011/10/11 16:43:34.002170, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A1CF [2011/10/11 16:43:34.002219, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.002261, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.002325, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1d58, type= 0x3, gen_id = 664, uid = 0, flags = 0, file_id 801:1ccfa1:0, name_hash = 0xf81b799c [2011/10/11 16:43:34.002374, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf81b799c [2011/10/11 16:43:34.002419, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A1CF [2011/10/11 16:43:34.002474, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat = 0 [2011/10/11 16:43:34.002520, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat [2011/10/11 16:43:34.002567, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat (numopen=121) NT_STATUS_OK [2011/10/11 16:43:34.002613, 5] smbd/files.c:464(file_free) freed files structure 18103 (232 used) [2011/10/11 16:43:34.002674, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.002699, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58820 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.002915, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.003198, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.003249, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.003291, 3] smbd/process.c:1661(process_smb) Transaction 7900 of length 45 (0 toread) [2011/10/11 16:43:34.003333, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.003358, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58884 smt_wct=3 smb_vwv[ 0]=18104 (0x46B8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.003619, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.003646, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.003691, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.003735, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.004182, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.004312, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.004368, 3] smbd/reply.c:4850(reply_close) close fd=156 fnum=18104 (numopen=121) [2011/10/11 16:43:34.004410, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.004470, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat, file_id = 801:1ccfa0:0 gen_id = 665 has kernel oplock state of 1. 
[2011/10/11 16:43:34.004532, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A0CF [2011/10/11 16:43:34.004581, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.004624, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.004688, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1da7, type= 0x3, gen_id = 665, uid = 0, flags = 0, file_id 801:1ccfa0:0, name_hash = 0xc4c84c9 [2011/10/11 16:43:34.004737, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc4c84c9 [2011/10/11 16:43:34.004799, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A0CF [2011/10/11 16:43:34.004855, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat = 0 [2011/10/11 16:43:34.004901, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat [2011/10/11 16:43:34.004949, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat (numopen=120) NT_STATUS_OK [2011/10/11 16:43:34.004994, 5] smbd/files.c:464(file_free) freed files structure 18104 (231 used) [2011/10/11 16:43:34.005040, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.005066, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58884 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.005281, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.005561, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.005613, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.005655, 3] smbd/process.c:1661(process_smb) Transaction 7901 of length 45 (0 toread) [2011/10/11 16:43:34.005697, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.005722, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58948 smt_wct=3 smb_vwv[ 0]=18105 (0x46B9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.005985, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.006012, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.006058, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.006102, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.006551, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.006682, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.006737, 3] smbd/reply.c:4850(reply_close) close fd=157 fnum=18105 (numopen=120) [2011/10/11 16:43:34.006780, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.006840, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat, file_id = 801:1ccf9f:0 gen_id = 666 has kernel oplock state of 1. [2011/10/11 16:43:34.006920, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009FCF [2011/10/11 16:43:34.006970, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.007013, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:16 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.007077, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1f84, type= 0x3, gen_id = 666, uid = 0, flags = 0, file_id 801:1ccf9f:0, name_hash = 0xab4dcefd [2011/10/11 16:43:34.007126, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xab4dcefd [2011/10/11 16:43:34.007172, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009FCF [2011/10/11 16:43:34.007227, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat = 0 [2011/10/11 16:43:34.007273, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat [2011/10/11 16:43:34.007321, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat (numopen=119) NT_STATUS_OK [2011/10/11 16:43:34.007366, 5] smbd/files.c:464(file_free) freed files structure 18105 (230 used) [2011/10/11 16:43:34.007413, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.007438, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58948 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.007654, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.007936, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.007986, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.008029, 3] smbd/process.c:1661(process_smb) Transaction 7902 of length 45 (0 toread) [2011/10/11 16:43:34.008070, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.008095, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59012 smt_wct=3 smb_vwv[ 0]=18106 (0x46BA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.008358, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.008385, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.008430, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.008474, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.008939, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.009069, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.009124, 3] smbd/reply.c:4850(reply_close) close fd=158 fnum=18106 (numopen=119) [2011/10/11 16:43:34.009166, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.009225, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat, file_id = 801:1ccf9e:0 gen_id = 667 has kernel oplock state of 1. 
[2011/10/11 16:43:34.009286, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009ECF [2011/10/11 16:43:34.009334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.009397, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.009462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c19, type= 0x3, gen_id = 667, uid = 0, flags = 0, file_id 801:1ccf9e:0, name_hash = 0x935a0cf7 [2011/10/11 16:43:34.009512, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x935a0cf7 [2011/10/11 16:43:34.009557, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009ECF [2011/10/11 16:43:34.009612, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat = 0 [2011/10/11 16:43:34.009658, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat [2011/10/11 16:43:34.009705, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat (numopen=118) NT_STATUS_OK [2011/10/11 16:43:34.009751, 5] smbd/files.c:464(file_free) freed files structure 18106 (229 used) [2011/10/11 16:43:34.009795, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.009820, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59012 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.010035, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.010314, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.010364, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.010406, 3] smbd/process.c:1661(process_smb) Transaction 7903 of length 45 (0 toread) [2011/10/11 16:43:34.010448, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.010474, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59076 smt_wct=3 smb_vwv[ 0]=18107 (0x46BB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.010735, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.010762, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.010808, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.010851, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.011319, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.011450, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.011504, 3] smbd/reply.c:4850(reply_close) close fd=159 fnum=18107 (numopen=118) [2011/10/11 16:43:34.011547, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.011606, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat, file_id = 801:1ccf9d:0 gen_id = 668 has kernel oplock state of 1. [2011/10/11 16:43:34.011668, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009DCF [2011/10/11 16:43:34.011716, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:34.011758, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.011822, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c57, type= 0x3, gen_id = 668, uid = 0, flags = 0, file_id 801:1ccf9d:0, name_hash = 0x5bbd5eaa [2011/10/11 16:43:34.011871, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5bbd5eaa [2011/10/11 16:43:34.011917, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009DCF [2011/10/11 16:43:34.011971, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat = 0 [2011/10/11 16:43:34.012017, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat [2011/10/11 16:43:34.012065, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat (numopen=117) NT_STATUS_OK [2011/10/11 16:43:34.012110, 5] smbd/files.c:464(file_free) freed files structure 18107 (228 used) [2011/10/11 16:43:34.012157, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.012182, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59076 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.012397, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.012675, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.012739, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.012781, 3] smbd/process.c:1661(process_smb) Transaction 7904 of length 45 (0 toread) [2011/10/11 16:43:34.012823, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.012848, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59140 smt_wct=3 smb_vwv[ 0]=18108 (0x46BC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.013108, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.013135, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.013180, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.013224, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 
1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.013688, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.013818, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.013872, 3] smbd/reply.c:4850(reply_close) close fd=160 fnum=18108 (numopen=117) [2011/10/11 16:43:34.013915, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.013974, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat, file_id = 801:1ccf6d:0 gen_id = 669 has kernel oplock state of 1. 
[2011/10/11 16:43:34.014035, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006DCF [2011/10/11 16:43:34.014083, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.014125, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.014190, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c9a, type= 0x3, gen_id = 669, uid = 0, flags = 0, file_id 801:1ccf6d:0, name_hash = 0x66b35b2 [2011/10/11 16:43:34.014239, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x66b35b2 [2011/10/11 16:43:34.014284, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006DCF [2011/10/11 16:43:34.014339, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat = 0 [2011/10/11 16:43:34.014384, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat [2011/10/11 16:43:34.014446, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat (numopen=116) NT_STATUS_OK [2011/10/11 16:43:34.014492, 5] smbd/files.c:464(file_free) freed files structure 18108 (227 used) [2011/10/11 16:43:34.014538, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.014563, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59140 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.014778, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.015061, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.015112, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.015154, 3] smbd/process.c:1661(process_smb) Transaction 7905 of length 45 (0 toread) [2011/10/11 16:43:34.015196, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.015220, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59204 smt_wct=3 smb_vwv[ 0]=18109 (0x46BD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.015481, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.015509, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.015554, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.015598, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.016044, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.016173, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.016228, 3] smbd/reply.c:4850(reply_close) close fd=161 fnum=18109 (numopen=116) [2011/10/11 16:43:34.016270, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.016329, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat, file_id = 801:1ccece:0 gen_id = 670 has kernel oplock state of 1. [2011/10/11 16:43:34.016389, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CECE [2011/10/11 16:43:34.016442, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.016484, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.016565, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2cdb, type= 0x3, gen_id = 670, uid = 0, flags = 0, file_id 801:1ccece:0, name_hash = 0x610c7237 [2011/10/11 16:43:34.016616, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x610c7237 [2011/10/11 16:43:34.016668, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CECE [2011/10/11 16:43:34.016722, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat = 0 [2011/10/11 16:43:34.016768, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat [2011/10/11 16:43:34.016816, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat (numopen=115) NT_STATUS_OK [2011/10/11 16:43:34.016861, 5] smbd/files.c:464(file_free) freed files structure 18109 (226 used) [2011/10/11 16:43:34.016907, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.016932, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59204 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.017148, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.017432, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.017482, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.017524, 3] smbd/process.c:1661(process_smb) Transaction 7906 of length 45 (0 toread) [2011/10/11 16:43:34.017566, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.017591, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59268 smt_wct=3 smb_vwv[ 0]=18110 (0x46BE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.017853, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.017880, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.017926, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.017969, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.018416, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.018546, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.018603, 3] smbd/reply.c:4850(reply_close) close fd=162 fnum=18110 (numopen=115) [2011/10/11 16:43:34.018664, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.018725, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat, file_id = 801:1cce92:0 gen_id = 671 has kernel oplock state of 1. 
[2011/10/11 16:43:34.018787, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000092CE [2011/10/11 16:43:34.018836, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.018879, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:25 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.018943, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2d18, type= 0x3, gen_id = 671, uid = 0, flags = 0, file_id 801:1cce92:0, name_hash = 0xafaf5ae9 [2011/10/11 16:43:34.018993, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xafaf5ae9 [2011/10/11 16:43:34.019038, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000092CE [2011/10/11 16:43:34.019092, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat = 0 [2011/10/11 16:43:34.019138, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat [2011/10/11 16:43:34.019186, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat (numopen=114) NT_STATUS_OK [2011/10/11 16:43:34.019232, 5] smbd/files.c:464(file_free) freed files structure 18110 (225 used) [2011/10/11 16:43:34.019278, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.019303, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59268 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.019518, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.019800, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.019850, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.019892, 3] smbd/process.c:1661(process_smb) Transaction 7907 of length 45 (0 toread) [2011/10/11 16:43:34.019934, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.019959, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59332 smt_wct=3 smb_vwv[ 0]=18111 (0x46BF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.020220, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.020247, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.020293, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.020336, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.020801, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.020931, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.020988, 3] smbd/reply.c:4850(reply_close) close fd=163 fnum=18111 (numopen=114) [2011/10/11 16:43:34.021030, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.021091, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat, file_id = 801:1cce91:0 gen_id = 672 has kernel oplock state of 1. [2011/10/11 16:43:34.021151, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000091CE [2011/10/11 16:43:34.021200, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.021242, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.021306, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2d67, type= 0x3, gen_id = 672, uid = 0, flags = 0, file_id 801:1cce91:0, name_hash = 0x8075f7f7 [2011/10/11 16:43:34.021355, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8075f7f7 [2011/10/11 16:43:34.021422, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000091CE [2011/10/11 16:43:34.021477, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat = 0 [2011/10/11 16:43:34.021523, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat [2011/10/11 16:43:34.021570, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat (numopen=113) NT_STATUS_OK [2011/10/11 16:43:34.021615, 5] smbd/files.c:464(file_free) freed files structure 18111 (224 used) [2011/10/11 16:43:34.021662, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.021687, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59332 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.021901, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.022188, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.022238, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.022280, 3] smbd/process.c:1661(process_smb) Transaction 7908 of length 45 (0 toread) [2011/10/11 16:43:34.022322, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.022347, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59396 smt_wct=3 smb_vwv[ 0]=18112 (0x46C0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.022625, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.022653, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.022698, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.022742, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.023188, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.023317, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.023372, 3] smbd/reply.c:4850(reply_close) close fd=164 fnum=18112 (numopen=113) [2011/10/11 16:43:34.023415, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.023475, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat, file_id = 801:1cce90:0 gen_id = 673 has kernel oplock state of 1. 
[2011/10/11 16:43:34.023536, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000090CE [2011/10/11 16:43:34.023584, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.023626, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:16 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.023690, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2f44, type= 0x3, gen_id = 673, uid = 0, flags = 0, file_id 801:1cce90:0, name_hash = 0x46388632 [2011/10/11 16:43:34.023739, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x46388632 [2011/10/11 16:43:34.023784, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000090CE [2011/10/11 16:43:34.023839, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat = 0 [2011/10/11 16:43:34.023884, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat [2011/10/11 16:43:34.023931, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat (numopen=112) NT_STATUS_OK [2011/10/11 16:43:34.023977, 5] smbd/files.c:464(file_free) freed files structure 18112 (223 used) [2011/10/11 16:43:34.024022, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.024048, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59396 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.024276, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.024558, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.024607, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.024649, 3] smbd/process.c:1661(process_smb) Transaction 7909 of length 45 (0 toread) [2011/10/11 16:43:34.024691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.024716, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59460 smt_wct=3 smb_vwv[ 0]=18113 (0x46C1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.024975, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.025002, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.025048, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.025092, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.025557, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.025685, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.025739, 3] smbd/reply.c:4850(reply_close) close fd=165 fnum=18113 (numopen=112) [2011/10/11 16:43:34.025782, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.025840, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat, file_id = 801:1cce8e:0 gen_id = 674 has kernel oplock state of 1. [2011/10/11 16:43:34.025900, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008ECE [2011/10/11 16:43:34.025948, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.025991, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.026054, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3bd9, type= 0x3, gen_id = 674, uid = 0, flags = 0, file_id 801:1cce8e:0, name_hash = 0x1f00b36e [2011/10/11 16:43:34.026103, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1f00b36e [2011/10/11 16:43:34.026148, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008ECE [2011/10/11 16:43:34.026219, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat = 0 [2011/10/11 16:43:34.026265, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat [2011/10/11 16:43:34.026312, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat (numopen=111) NT_STATUS_OK [2011/10/11 16:43:34.026357, 5] smbd/files.c:464(file_free) freed files structure 18113 (222 used) [2011/10/11 16:43:34.026405, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.026430, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59460 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.026643, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.026926, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.026977, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.027019, 3] smbd/process.c:1661(process_smb) Transaction 7910 of length 45 (0 toread) [2011/10/11 16:43:34.027061, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.027085, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59524 smt_wct=3 smb_vwv[ 0]=18114 (0x46C2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.027345, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.027372, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.027417, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.027461, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 
2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.027904, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.028032, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.028089, 3] smbd/reply.c:4850(reply_close) close fd=166 fnum=18114 (numopen=111) [2011/10/11 16:43:34.028132, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.028191, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml, file_id = 801:f0795:0 gen_id = 675 has kernel oplock state of 1. 
[2011/10/11 16:43:34.028251, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009507 [2011/10/11 16:43:34.028315, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.028358, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:18 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.028422, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c17, type= 0x3, gen_id = 675, uid = 0, flags = 0, file_id 801:f0795:0, name_hash = 0xf735af66 [2011/10/11 16:43:34.028472, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf735af66 [2011/10/11 16:43:34.028517, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009507 [2011/10/11 16:43:34.028572, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml = 0 [2011/10/11 16:43:34.028617, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml [2011/10/11 16:43:34.028664, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml (numopen=110) NT_STATUS_OK [2011/10/11 16:43:34.028709, 5] smbd/files.c:464(file_free) freed files structure 18114 (221 used) [2011/10/11 16:43:34.028753, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.028778, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59524 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.028994, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.029276, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.029325, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.029367, 3] smbd/process.c:1661(process_smb) Transaction 7911 of length 45 (0 toread) [2011/10/11 16:43:34.029430, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.029455, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59588 smt_wct=3 smb_vwv[ 0]=18115 (0x46C3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.029715, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.029742, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.029787, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.029831, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.030275, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.030421, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.030478, 3] smbd/reply.c:4850(reply_close) close fd=167 fnum=18115 (numopen=110) [2011/10/11 16:43:34.030521, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.030581, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm, file_id = 801:1c4e86:0 gen_id = 676 has kernel oplock state of 1. [2011/10/11 16:43:34.030641, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000864E [2011/10/11 16:43:34.030690, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.030732, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Dec 14 17:08:52 2000 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.030796, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c5b, type= 0x3, gen_id = 676, uid = 0, flags = 0, file_id 801:1c4e86:0, name_hash = 0x95a997f2 [2011/10/11 16:43:34.030845, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x95a997f2 [2011/10/11 16:43:34.030890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000864E [2011/10/11 16:43:34.030945, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm = 0 [2011/10/11 16:43:34.030990, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm [2011/10/11 16:43:34.031038, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm (numopen=109) NT_STATUS_OK [2011/10/11 16:43:34.031083, 5] smbd/files.c:464(file_free) freed files structure 18115 (220 used) [2011/10/11 16:43:34.031128, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.031153, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59588 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.031369, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.031652, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.031702, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.031745, 3] smbd/process.c:1661(process_smb) Transaction 7912 of length 45 (0 toread) [2011/10/11 16:43:34.031787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.031811, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59652 smt_wct=3 smb_vwv[ 0]=18116 (0x46C4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.032073, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.032101, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.032146, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.032190, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.032657, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.032787, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.032841, 3] smbd/reply.c:4850(reply_close) close fd=168 fnum=18116 (numopen=109) [2011/10/11 16:43:34.032884, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.032942, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv, file_id = 801:1c4e81:0 gen_id = 677 has kernel oplock state of 1. 
[2011/10/11 16:43:34.033002, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000814E [2011/10/11 16:43:34.033051, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.033093, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Dec 14 17:08:52 2000 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.033157, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c9a, type= 0x3, gen_id = 677, uid = 0, flags = 0, file_id 801:1c4e81:0, name_hash = 0xc5320e6 [2011/10/11 16:43:34.033207, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc5320e6 [2011/10/11 16:43:34.033252, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000814E [2011/10/11 16:43:34.033307, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv = 0 [2011/10/11 16:43:34.033352, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv [2011/10/11 16:43:34.033421, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv (numopen=108) NT_STATUS_OK [2011/10/11 16:43:34.033466, 5] smbd/files.c:464(file_free) freed files structure 18116 (219 used) [2011/10/11 16:43:34.033512, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.033538, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59652 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.033752, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.034034, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.034084, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.034127, 3] smbd/process.c:1661(process_smb) Transaction 7913 of length 45 (0 toread) [2011/10/11 16:43:34.034168, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.034193, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59716 smt_wct=3 smb_vwv[ 0]=18117 (0x46C5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.034472, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.034499, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.034544, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.034588, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.035033, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.035161, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.035217, 3] smbd/reply.c:4850(reply_close) close fd=169 fnum=18117 (numopen=108) [2011/10/11 16:43:34.035260, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.035320, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm, file_id = 801:1c4e7d:0 gen_id = 678 has kernel oplock state of 1. [2011/10/11 16:43:34.035380, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000007D4E [2011/10/11 16:43:34.035432, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.035474, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Dec 14 17:08:52 2000 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.035538, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3cd8, type= 0x3, gen_id = 678, uid = 0, flags = 0, file_id 801:1c4e7d:0, name_hash = 0x1fa8f767 [2011/10/11 16:43:34.035587, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1fa8f767 [2011/10/11 16:43:34.035635, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000007D4E [2011/10/11 16:43:34.035690, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm = 0 [2011/10/11 16:43:34.035735, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm [2011/10/11 16:43:34.035782, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm (numopen=107) NT_STATUS_OK [2011/10/11 16:43:34.035827, 5] smbd/files.c:464(file_free) freed files structure 18117 (218 used) [2011/10/11 16:43:34.035871, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.035896, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59716 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.036126, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.036410, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.036459, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.036501, 3] smbd/process.c:1661(process_smb) Transaction 7914 of length 45 (0 toread) [2011/10/11 16:43:34.036542, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.036567, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59780 smt_wct=3 smb_vwv[ 0]=18118 (0x46C6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.036829, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.036856, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.036901, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.036945, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.037413, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.037544, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.037599, 3] smbd/reply.c:4850(reply_close) close fd=170 fnum=18118 (numopen=107) [2011/10/11 16:43:34.037642, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.037700, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv, file_id = 801:1c4e62:0 gen_id = 679 has kernel oplock state of 1. 
[2011/10/11 16:43:34.037761, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000624E [2011/10/11 16:43:34.037809, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.037852, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 19 12:03:08 2000 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.037916, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3d27, type= 0x3, gen_id = 679, uid = 0, flags = 0, file_id 801:1c4e62:0, name_hash = 0x24923473 [2011/10/11 16:43:34.037965, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x24923473 [2011/10/11 16:43:34.038010, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000624E [2011/10/11 16:43:34.038065, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv = 0 [2011/10/11 16:43:34.038126, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv [2011/10/11 16:43:34.038175, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv (numopen=106) NT_STATUS_OK [2011/10/11 16:43:34.038219, 5] smbd/files.c:464(file_free) freed files structure 18118 (217 used) [2011/10/11 16:43:34.038265, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.038290, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59780 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.038506, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.038789, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.038841, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.038883, 3] smbd/process.c:1661(process_smb) Transaction 7915 of length 45 (0 toread) [2011/10/11 16:43:34.038925, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.038950, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59844 smt_wct=3 smb_vwv[ 0]=18119 (0x46C7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.039212, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.039239, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.039284, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.039328, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.039778, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.039907, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.039962, 3] smbd/reply.c:4850(reply_close) close fd=171 fnum=18119 (numopen=106) [2011/10/11 16:43:34.040005, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.040063, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb, file_id = 801:1bcec5:0 gen_id = 680 has kernel oplock state of 1. [2011/10/11 16:43:34.040123, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C5CE [2011/10/11 16:43:34.040175, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.040218, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Dec 13 18:37:04 2006 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.040299, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3f04, type= 0x3, gen_id = 680, uid = 0, flags = 0, file_id 801:1bcec5:0, name_hash = 0xaeeec502 [2011/10/11 16:43:34.040349, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaeeec502 [2011/10/11 16:43:34.040397, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C5CE [2011/10/11 16:43:34.040452, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb = 0 [2011/10/11 16:43:34.040498, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb [2011/10/11 16:43:34.040545, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb (numopen=105) NT_STATUS_OK [2011/10/11 16:43:34.040590, 5] smbd/files.c:464(file_free) freed files structure 18119 (216 used) [2011/10/11 16:43:34.040637, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.040662, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59844 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.040879, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.041157, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.041206, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.041248, 3] smbd/process.c:1661(process_smb) Transaction 7916 of length 45 (0 toread) [2011/10/11 16:43:34.041290, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.041315, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59908 smt_wct=3 smb_vwv[ 0]=18121 (0x46C9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.041598, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.041626, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.041671, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.041715, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.042162, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.042292, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.042367, 3] smbd/reply.c:4850(reply_close) close fd=173 fnum=18121 (numopen=105) [2011/10/11 16:43:34.042411, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.042469, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf, file_id = 801:1c0e18:0 gen_id = 682 has kernel oplock state of 1. 
[2011/10/11 16:43:34.042530, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000180E [2011/10/11 16:43:34.042578, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.042621, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 28 17:54:02 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.042685, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4bd7, type= 0x3, gen_id = 682, uid = 0, flags = 0, file_id 801:1c0e18:0, name_hash = 0x50c09e6d [2011/10/11 16:43:34.042734, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x50c09e6d [2011/10/11 16:43:34.042779, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000180E [2011/10/11 16:43:34.042833, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf = 0 [2011/10/11 16:43:34.042879, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf [2011/10/11 16:43:34.042927, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf (numopen=104) NT_STATUS_OK [2011/10/11 16:43:34.042971, 5] smbd/files.c:464(file_free) freed files structure 18121 (215 used) [2011/10/11 16:43:34.043017, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.043042, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59908 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.043258, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:34.043541, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.043593, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.043635, 3] smbd/process.c:1661(process_smb) Transaction 7917 of length 45 (0 toread) [2011/10/11 16:43:34.043677, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.043702, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59972 smt_wct=3 smb_vwv[ 0]=18122 (0x46CA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.043964, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.043991, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.044036, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.044080, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.044546, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.044676, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.044730, 3] smbd/reply.c:4850(reply_close) close fd=174 fnum=18122 (numopen=104) [2011/10/11 16:43:34.044773, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.044832, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc, file_id = 801:109a56:0 gen_id = 683 has kernel oplock state of 1. [2011/10/11 16:43:34.044892, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000569A [2011/10/11 16:43:34.044941, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.044983, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.045047, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c1b, type= 0x3, gen_id = 683, uid = 0, flags = 0, file_id 801:109a56:0, name_hash = 0x3e66f9c [2011/10/11 16:43:34.045097, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3e66f9c [2011/10/11 16:43:34.045142, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000569A [2011/10/11 16:43:34.045197, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc = 0 [2011/10/11 16:43:34.045242, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc [2011/10/11 
16:43:34.045289, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc (numopen=103) NT_STATUS_OK [2011/10/11 16:43:34.045334, 5] smbd/files.c:464(file_free) freed files structure 18122 (214 used) [2011/10/11 16:43:34.045397, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.045424, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59972 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.045638, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.045926, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.045976, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.046018, 3] smbd/process.c:1661(process_smb) Transaction 7918 of length 45 (0 toread) [2011/10/11 16:43:34.046059, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.046084, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60036 smt_wct=3 smb_vwv[ 0]=18123 (0x46CB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.046346, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.046372, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.046436, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.046480, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 
SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.046925, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.047053, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.047107, 3] smbd/reply.c:4850(reply_close) close fd=175 fnum=18123 (numopen=103) [2011/10/11 16:43:34.047150, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.047209, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc, file_id = 801:109a55:0 gen_id = 684 has kernel oplock state of 1. 
[2011/10/11 16:43:34.047270, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000559A [2011/10/11 16:43:34.047318, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.047360, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Sep 13 16:40:32 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.047423, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c5a, type= 0x3, gen_id = 684, uid = 0, flags = 0, file_id 801:109a55:0, name_hash = 0xee2d9552 [2011/10/11 16:43:34.047473, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xee2d9552 [2011/10/11 16:43:34.047518, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000559A [2011/10/11 16:43:34.047573, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc = 0 [2011/10/11 16:43:34.047618, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc [2011/10/11 16:43:34.047665, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc (numopen=102) NT_STATUS_OK [2011/10/11 16:43:34.047710, 5] smbd/files.c:464(file_free) freed files structure 18123 (213 used) [2011/10/11 16:43:34.047756, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.047781, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60036 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.047996, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.048296, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.048346, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.048388, 3] smbd/process.c:1661(process_smb) Transaction 7919 of length 45 (0 toread) [2011/10/11 16:43:34.048430, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.048455, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60100 smt_wct=3 smb_vwv[ 0]=18124 (0x46CC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.048716, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.048742, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.048788, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.048831, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.049275, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.049425, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.049481, 3] smbd/reply.c:4850(reply_close) close fd=176 fnum=18124 (numopen=102) [2011/10/11 16:43:34.049523, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.049582, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod, file_id = 801:109a54:0 gen_id = 685 has kernel oplock state of 1. [2011/10/11 16:43:34.049642, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000549A [2011/10/11 16:43:34.049690, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.049732, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:07:28 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.049796, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c98, type= 0x3, gen_id = 685, uid = 0, flags = 0, file_id 801:109a54:0, name_hash = 0x3f452c98 [2011/10/11 16:43:34.049845, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3f452c98 [2011/10/11 16:43:34.049890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000549A [2011/10/11 16:43:34.049944, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod = 0 [2011/10/11 16:43:34.049989, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod 
[2011/10/11 16:43:34.050053, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod (numopen=101) NT_STATUS_OK [2011/10/11 16:43:34.050098, 5] smbd/files.c:464(file_free) freed files structure 18124 (212 used) [2011/10/11 16:43:34.050144, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.050169, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60100 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.050383, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.050680, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.050731, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.050772, 3] smbd/process.c:1661(process_smb) Transaction 7920 of length 45 (0 toread) [2011/10/11 16:43:34.050814, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.050839, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60164 smt_wct=3 smb_vwv[ 0]=18125 (0x46CD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.051099, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.051126, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.051172, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.051215, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 
8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.051660, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.051788, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.051845, 3] smbd/reply.c:4850(reply_close) close fd=177 fnum=18125 (numopen=101) [2011/10/11 16:43:34.051887, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.051947, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh, file_id = 801:109a53:0 gen_id = 686 has kernel oplock state of 1. 
[2011/10/11 16:43:34.052008, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000539A [2011/10/11 16:43:34.052056, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.052098, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.052162, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4ce7, type= 0x3, gen_id = 686, uid = 0, flags = 0, file_id 801:109a53:0, name_hash = 0x6c2f9c38 [2011/10/11 16:43:34.052229, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6c2f9c38 [2011/10/11 16:43:34.052274, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000539A [2011/10/11 16:43:34.052329, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh = 0 [2011/10/11 16:43:34.052374, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh [2011/10/11 16:43:34.052420, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh (numopen=100) NT_STATUS_OK [2011/10/11 16:43:34.052465, 5] smbd/files.c:464(file_free) freed files structure 18125 (211 used) [2011/10/11 16:43:34.052512, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.052538, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60164 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.052753, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.053048, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.053098, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.053140, 3] smbd/process.c:1661(process_smb) Transaction 7921 of length 45 (0 toread) [2011/10/11 16:43:34.053181, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.053206, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60228 smt_wct=3 smb_vwv[ 0]=18120 (0x46C8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.053488, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.053516, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.053561, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.053605, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.054051, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.054180, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.054234, 3] smbd/reply.c:4850(reply_close) close fd=172 fnum=18120 (numopen=100) [2011/10/11 16:43:34.054276, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.054353, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbt, file_id = 801:1c0e19:0 gen_id = 681 has kernel oplock state of 1. [2011/10/11 16:43:34.054413, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000190E [2011/10/11 16:43:34.054461, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.054503, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 28 17:54:22 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.054567, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4b99, type= 0x3, gen_id = 681, uid = 0, flags = 0, file_id 801:1c0e19:0, name_hash = 0xc7e09383 [2011/10/11 16:43:34.054616, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc7e09383 [2011/10/11 16:43:34.054661, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000190E [2011/10/11 16:43:34.054714, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbt = 0 [2011/10/11 16:43:34.054760, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/database/biblio/biblio.dbt [2011/10/11 16:43:34.054806, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbt (numopen=99) NT_STATUS_OK [2011/10/11 16:43:34.054851, 5] smbd/files.c:464(file_free) freed files structure 18120 (210 used) [2011/10/11 16:43:34.054897, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.054922, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60228 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.055135, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.055451, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.055502, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.055544, 3] smbd/process.c:1661(process_smb) Transaction 7922 of length 45 (0 toread) [2011/10/11 16:43:34.055585, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.055610, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60292 smt_wct=3 smb_vwv[ 0]=18126 (0x46CE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.055889, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.055917, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.055962, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.056006, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.056469, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.056598, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.056654, 3] smbd/reply.c:4850(reply_close) close fd=178 fnum=18126 (numopen=99) [2011/10/11 16:43:34.056696, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.056756, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog, file_id = 801:109a51:0 gen_id = 687 has kernel oplock state of 1. 
[2011/10/11 16:43:34.056816, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000519A [2011/10/11 16:43:34.056865, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.056907, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.056971, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4ec4, type= 0x3, gen_id = 687, uid = 0, flags = 0, file_id 801:109a51:0, name_hash = 0x45c9fca2 [2011/10/11 16:43:34.057021, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x45c9fca2 [2011/10/11 16:43:34.057066, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000519A [2011/10/11 16:43:34.057121, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog = 0 [2011/10/11 16:43:34.057166, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog [2011/10/11 16:43:34.057212, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog (numopen=98) NT_STATUS_OK [2011/10/11 16:43:34.057257, 5] smbd/files.c:464(file_free) freed files structure 18126 (209 used) [2011/10/11 16:43:34.057303, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.057328, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60292 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.057564, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.057636, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 84 [2011/10/11 16:43:34.057684, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x54 [2011/10/11 16:43:34.057726, 3] smbd/process.c:1661(process_smb) Transaction 7923 of length 88 (0 toread) [2011/10/11 16:43:34.057795, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.057821, 5] lib/util.c:341(show_msg) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=60389 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]=18495 (0x483F) smb_vwv[22]= 1 (0x1) smb_bcc=3 [2011/10/11 16:43:34.058418, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ... 
[2011/10/11 16:43:34.058472, 3] smbd/process.c:1466(switch_message) switch message SMBnttrans (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:34.058519, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.058562, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.059006, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.059135, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.059179, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:34.059229, 10] smbd/nttrans.c:3054(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=32, data_total=0, this_data=0, max_data=0, param_offset=84, data_offset=0 [2011/10/11 16:43:34.059273, 10] smbd/nttrans.c:3126(reply_nttrans) reply_nttrans: state->setup_count = 8 [2011/10/11 16:43:34.059315, 10] ../lib/util/util.c:415(dump_data) [0000] 03 00 00 00 3F 48 01 00 ....?H.. 
[2011/10/11 16:43:34.059371, 3] smbd/nttrans.c:1697(call_nt_transact_notify_change) call_nt_transact_notify_change [2011/10/11 16:43:34.059416, 3] smbd/nttrans.c:1714(call_nt_transact_notify_change) call_nt_transact_notify_change: notify change called on ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, filter = FILE_NAME|DIR_NAME, recursive = 1 [2011/10/11 16:43:34.059460, 10] smbd/notify.c:228(change_notify_add_request) change_notify_add_request: Adding request for ando/Microsoft/Internet Explorer/Quick Launch/User Pinned: max_param = 32 [2011/10/11 16:43:34.059525, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.059571, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.059613, 3] smbd/process.c:1661(process_smb) Transaction 7924 of length 45 (0 toread) [2011/10/11 16:43:34.059654, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.059679, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60420 smt_wct=3 smb_vwv[ 0]=18127 (0x46CF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.059940, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.059967, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.060011, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.060068, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 
SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.060515, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.060642, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.060685, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:34.060743, 3] smbd/reply.c:4850(reply_close) close fd=179 fnum=18127 (numopen=98) [2011/10/11 16:43:34.060785, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.060845, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe, file_id = 801:109a50:0 gen_id = 688 has kernel oplock state of 1. 
[2011/10/11 16:43:34.060905, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000509A [2011/10/11 16:43:34.060954, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.060996, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue May 15 14:11:30 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.061061, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6230, type= 0x3, gen_id = 688, uid = 0, flags = 0, file_id 801:109a50:0, name_hash = 0x2c6f11ed [2011/10/11 16:43:34.061110, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2c6f11ed [2011/10/11 16:43:34.061155, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000509A [2011/10/11 16:43:34.061209, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe = 0 [2011/10/11 16:43:34.061255, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe [2011/10/11 16:43:34.061301, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe (numopen=97) NT_STATUS_OK [2011/10/11 16:43:34.061346, 5] smbd/files.c:464(file_free) freed files structure 18127 (208 used) [2011/10/11 16:43:34.061412, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.061438, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60420 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.061653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.061902, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.061971, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.062014, 3] smbd/process.c:1661(process_smb) Transaction 7925 of length 45 (0 toread) [2011/10/11 16:43:34.062056, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.062081, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60484 smt_wct=3 smb_vwv[ 0]=18128 (0x46D0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.062342, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.062369, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.062415, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.062459, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.062907, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.063037, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.063095, 3] smbd/reply.c:4850(reply_close) close fd=180 fnum=18128 (numopen=97) [2011/10/11 16:43:34.063138, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.063197, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod, file_id = 801:109a4f:0 gen_id = 689 has kernel oplock state of 1. [2011/10/11 16:43:34.063258, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004F9A [2011/10/11 16:43:34.063306, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.063348, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue May 15 13:28:18 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.063413, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x625b, type= 0x3, gen_id = 689, uid = 0, flags = 0, file_id 801:109a4f:0, name_hash = 0x700d94d9 [2011/10/11 16:43:34.063462, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x700d94d9 [2011/10/11 16:43:34.063511, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004F9A [2011/10/11 16:43:34.063566, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod = 0 [2011/10/11 16:43:34.063611, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod [2011/10/11 
16:43:34.063672, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod (numopen=96) NT_STATUS_OK [2011/10/11 16:43:34.063717, 5] smbd/files.c:464(file_free) freed files structure 18128 (207 used) [2011/10/11 16:43:34.063764, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.063789, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60484 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.064004, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.064205, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.064254, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.064296, 3] smbd/process.c:1661(process_smb) Transaction 7926 of length 45 (0 toread) [2011/10/11 16:43:34.064338, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.064363, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60548 smt_wct=3 smb_vwv[ 0]=18129 (0x46D1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.064624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.064651, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.064696, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.064740, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.065185, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.065314, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.065369, 3] smbd/reply.c:4850(reply_close) close fd=181 fnum=18129 (numopen=96) [2011/10/11 16:43:34.065433, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.065492, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc, file_id = 801:109a4e:0 gen_id = 690 has kernel oplock state of 1. 
[2011/10/11 16:43:34.065552, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004E9A [2011/10/11 16:43:34.065600, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.065643, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 3 16:32:24 2007 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.065707, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x629a, type= 0x3, gen_id = 690, uid = 0, flags = 0, file_id 801:109a4e:0, name_hash = 0xf4ce91e2 [2011/10/11 16:43:34.065778, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf4ce91e2 [2011/10/11 16:43:34.065824, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004E9A [2011/10/11 16:43:34.065878, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc = 0 [2011/10/11 16:43:34.065923, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc [2011/10/11 16:43:34.065970, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc (numopen=95) NT_STATUS_OK [2011/10/11 16:43:34.066015, 5] smbd/files.c:464(file_free) freed files structure 18129 (206 used) [2011/10/11 16:43:34.066061, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.066086, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60548 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.066302, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.066538, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.066588, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.066631, 3] smbd/process.c:1661(process_smb) Transaction 7927 of length 45 (0 toread) [2011/10/11 16:43:34.066672, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.066697, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60612 smt_wct=3 smb_vwv[ 0]=18130 (0x46D2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.066959, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.066987, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.067032, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.067075, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.067523, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 
10001 Group[ 3]: 10003 [2011/10/11 16:43:34.067653, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.067710, 3] smbd/reply.c:4850(reply_close) close fd=182 fnum=18130 (numopen=95) [2011/10/11 16:43:34.067753, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.067828, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob, file_id = 801:109a4d:0 gen_id = 691 has kernel oplock state of 1. [2011/10/11 16:43:34.067889, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004D9A [2011/10/11 16:43:34.067938, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.067980, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 26 13:23:24 2002 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.068044, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x62d8, type= 0x3, gen_id = 691, uid = 0, flags = 0, file_id 801:109a4d:0, name_hash = 0xde293782 [2011/10/11 16:43:34.068094, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xde293782 [2011/10/11 16:43:34.068139, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004D9A [2011/10/11 16:43:34.068193, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob = 0 [2011/10/11 16:43:34.068238, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob [2011/10/11 16:43:34.068285, 
2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob (numopen=94) NT_STATUS_OK [2011/10/11 16:43:34.068330, 5] smbd/files.c:464(file_free) freed files structure 18130 (205 used) [2011/10/11 16:43:34.068376, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.068401, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60612 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.068616, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.068886, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.068935, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.068977, 3] smbd/process.c:1661(process_smb) Transaction 7928 of length 45 (0 toread) [2011/10/11 16:43:34.069019, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.069044, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60676 smt_wct=3 smb_vwv[ 0]=18131 (0x46D3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.069306, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.069333, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.069399, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.069444, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.069910, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.070040, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.070097, 3] smbd/reply.c:4850(reply_close) close fd=183 fnum=18131 (numopen=94) [2011/10/11 16:43:34.070141, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.070201, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc, file_id = 801:109a4c:0 gen_id = 692 has kernel oplock state of 1. 
[2011/10/11 16:43:34.070261, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004C9A [2011/10/11 16:43:34.070310, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.070352, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:06:48 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.070416, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6327, type= 0x3, gen_id = 692, uid = 0, flags = 0, file_id 801:109a4c:0, name_hash = 0x1b975ec2 [2011/10/11 16:43:34.070466, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1b975ec2 [2011/10/11 16:43:34.070511, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004C9A [2011/10/11 16:43:34.070564, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc = 0 [2011/10/11 16:43:34.070610, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc [2011/10/11 16:43:34.070657, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc (numopen=93) NT_STATUS_OK [2011/10/11 16:43:34.070701, 5] smbd/files.c:464(file_free) freed files structure 18131 (204 used) [2011/10/11 16:43:34.070747, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.070772, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60676 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.070988, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.071205, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.071256, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.071298, 3] smbd/process.c:1661(process_smb) Transaction 7929 of length 45 (0 toread) [2011/10/11 16:43:34.071340, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.071365, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60740 smt_wct=3 smb_vwv[ 0]=18132 (0x46D4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.071628, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.071656, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.071701, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.071762, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.072212, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.072342, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.072395, 3] smbd/reply.c:4850(reply_close) close fd=184 fnum=18132 (numopen=93) [2011/10/11 16:43:34.072437, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.072496, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog, file_id = 801:109a4b:0 gen_id = 693 has kernel oplock state of 1. [2011/10/11 16:43:34.072556, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004B9A [2011/10/11 16:43:34.072609, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.072651, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:05:48 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.072715, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x63a8, type= 0x3, gen_id = 693, uid = 0, flags = 0, file_id 801:109a4b:0, name_hash = 0x80fc5d2f [2011/10/11 16:43:34.072765, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x80fc5d2f [2011/10/11 16:43:34.072813, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004B9A [2011/10/11 16:43:34.072867, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog = 0 [2011/10/11 16:43:34.072913, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog 
[2011/10/11 16:43:34.072960, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog (numopen=92) NT_STATUS_OK [2011/10/11 16:43:34.073004, 5] smbd/files.c:464(file_free) freed files structure 18132 (203 used) [2011/10/11 16:43:34.073050, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.073075, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60740 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.073291, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.073599, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.073650, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.073709, 3] smbd/process.c:1661(process_smb) Transaction 7930 of length 45 (0 toread) [2011/10/11 16:43:34.073752, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.073777, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60804 smt_wct=3 smb_vwv[ 0]=18133 (0x46D5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.074037, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.074065, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.074110, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.074153, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 
8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.074596, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.074725, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.074781, 3] smbd/reply.c:4850(reply_close) close fd=185 fnum=18133 (numopen=92) [2011/10/11 16:43:34.074823, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.074883, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml, file_id = 801:109a4a:0 gen_id = 694 has kernel oplock state of 1. 
[2011/10/11 16:43:34.074944, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004A9A [2011/10/11 16:43:34.074995, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.075037, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:19 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.075101, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6504, type= 0x3, gen_id = 694, uid = 0, flags = 0, file_id 801:109a4a:0, name_hash = 0xaf2aacb8 [2011/10/11 16:43:34.075150, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaf2aacb8 [2011/10/11 16:43:34.075198, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004A9A [2011/10/11 16:43:34.075252, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml = 0 [2011/10/11 16:43:34.075297, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml [2011/10/11 16:43:34.075344, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml (numopen=91) NT_STATUS_OK [2011/10/11 16:43:34.075404, 5] smbd/files.c:464(file_free) freed files structure 18133 (202 used) [2011/10/11 16:43:34.075451, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.075476, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60804 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.075689, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.075887, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.075937, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.075979, 3] smbd/process.c:1661(process_smb) Transaction 7931 of length 45 (0 toread) [2011/10/11 16:43:34.076021, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.076046, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60868 smt_wct=3 smb_vwv[ 0]=18134 (0x46D6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.076308, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.076335, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.076380, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.076424, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.076870, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.076999, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.077052, 3] smbd/reply.c:4850(reply_close) close fd=186 fnum=18134 (numopen=91) [2011/10/11 16:43:34.077095, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.077152, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/html.soc, file_id = 801:109a49:0 gen_id = 695 has kernel oplock state of 1. [2011/10/11 16:43:34.077212, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000499A [2011/10/11 16:43:34.077260, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.077302, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Mar 25 19:22:08 2003 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.077366, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x74b0, type= 0x3, gen_id = 695, uid = 0, flags = 0, file_id 801:109a49:0, name_hash = 0x6557ff81 [2011/10/11 16:43:34.077452, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6557ff81 [2011/10/11 16:43:34.077499, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000499A [2011/10/11 16:43:34.077552, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/html.soc = 0 [2011/10/11 16:43:34.077598, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/config/html.soc [2011/10/11 16:43:34.077645, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/html.soc (numopen=90) NT_STATUS_OK [2011/10/11 16:43:34.077690, 5] smbd/files.c:464(file_free) freed files structure 18134 (201 used) [2011/10/11 16:43:34.077736, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.077761, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60868 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.077976, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.078170, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.078220, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.078263, 3] smbd/process.c:1661(process_smb) Transaction 7932 of length 45 (0 toread) [2011/10/11 16:43:34.078305, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.078330, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60932 smt_wct=3 smb_vwv[ 0]=18135 (0x46D7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.078592, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.078620, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.078665, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.078709, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 
SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.079158, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.079288, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.079343, 3] smbd/reply.c:4850(reply_close) close fd=187 fnum=18135 (numopen=90) [2011/10/11 16:43:34.079386, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.079445, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh, file_id = 801:109a3f:0 gen_id = 696 has kernel oplock state of 1. 
[2011/10/11 16:43:34.079523, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003F9A [2011/10/11 16:43:34.079572, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.079614, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:05:00 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.079678, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x74db, type= 0x3, gen_id = 696, uid = 0, flags = 0, file_id 801:109a3f:0, name_hash = 0xa6026e26 [2011/10/11 16:43:34.079728, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa6026e26 [2011/10/11 16:43:34.079773, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003F9A [2011/10/11 16:43:34.079827, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh = 0 [2011/10/11 16:43:34.079872, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh [2011/10/11 16:43:34.079919, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh (numopen=89) NT_STATUS_OK [2011/10/11 16:43:34.079964, 5] smbd/files.c:464(file_free) freed files structure 18135 (200 used) [2011/10/11 16:43:34.080012, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.080037, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60932 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.080250, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.080439, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.080489, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.080531, 3] smbd/process.c:1661(process_smb) Transaction 7933 of length 45 (0 toread) [2011/10/11 16:43:34.080573, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.080598, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60996 smt_wct=3 smb_vwv[ 0]=18136 (0x46D8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.080859, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.080887, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.080932, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.080976, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.081459, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.081590, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.081644, 3] smbd/reply.c:4850(reply_close) close fd=188 fnum=18136 (numopen=89) [2011/10/11 16:43:34.081686, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.081746, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc, file_id = 801:109a3e:0 gen_id = 697 has kernel oplock state of 1. [2011/10/11 16:43:34.081806, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003E9A [2011/10/11 16:43:34.081855, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.081897, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jun 20 16:47:46 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.081961, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x751a, type= 0x3, gen_id = 697, uid = 0, flags = 0, file_id 801:109a3e:0, name_hash = 0xe06c0c6b [2011/10/11 16:43:34.082011, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe06c0c6b [2011/10/11 16:43:34.082056, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003E9A [2011/10/11 16:43:34.082109, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc = 0 [2011/10/11 16:43:34.082155, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc [2011/10/11 
16:43:34.082202, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc (numopen=88) NT_STATUS_OK [2011/10/11 16:43:34.082247, 5] smbd/files.c:464(file_free) freed files structure 18136 (199 used) [2011/10/11 16:43:34.082291, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.082316, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60996 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.082532, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.082786, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.082837, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.082879, 3] smbd/process.c:1661(process_smb) Transaction 7934 of length 45 (0 toread) [2011/10/11 16:43:34.082921, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.082946, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61060 smt_wct=3 smb_vwv[ 0]=18137 (0x46D9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.083207, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.083235, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.083280, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.083324, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.083790, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.083919, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.083972, 3] smbd/reply.c:4850(reply_close) close fd=189 fnum=18137 (numopen=88) [2011/10/11 16:43:34.084015, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.084075, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc, file_id = 801:109a3d:0 gen_id = 698 has kernel oplock state of 1. 
[2011/10/11 16:43:34.084135, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003D9A [2011/10/11 16:43:34.084183, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.084226, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.084290, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7567, type= 0x3, gen_id = 698, uid = 0, flags = 0, file_id 801:109a3d:0, name_hash = 0x97a9efe2 [2011/10/11 16:43:34.084340, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x97a9efe2 [2011/10/11 16:43:34.084385, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003D9A [2011/10/11 16:43:34.084439, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc = 0 [2011/10/11 16:43:34.084485, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc [2011/10/11 16:43:34.084532, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc (numopen=87) NT_STATUS_OK [2011/10/11 16:43:34.084577, 5] smbd/files.c:464(file_free) freed files structure 18137 (198 used) [2011/10/11 16:43:34.084624, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.084649, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61060 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.084868, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.085121, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.085170, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.085212, 3] smbd/process.c:1661(process_smb) Transaction 7935 of length 45 (0 toread) [2011/10/11 16:43:34.085255, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.085295, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61124 smt_wct=3 smb_vwv[ 0]=18138 (0x46DA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.085581, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.085608, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.085653, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.085697, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.086147, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.086277, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.086330, 3] smbd/reply.c:4850(reply_close) close fd=190 fnum=18138 (numopen=87) [2011/10/11 16:43:34.086373, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.086433, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog, file_id = 801:109a3c:0 gen_id = 699 has kernel oplock state of 1. [2011/10/11 16:43:34.086495, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003C9A [2011/10/11 16:43:34.086543, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.086585, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:04:20 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.086650, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7597, type= 0x3, gen_id = 699, uid = 0, flags = 0, file_id 801:109a3c:0, name_hash = 0xa562da [2011/10/11 16:43:34.086700, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa562da [2011/10/11 16:43:34.086745, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003C9A [2011/10/11 16:43:34.086799, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog = 0 [2011/10/11 16:43:34.086845, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog [2011/10/11 16:43:34.086892, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog (numopen=86) NT_STATUS_OK [2011/10/11 16:43:34.086951, 5] smbd/files.c:464(file_free) freed files structure 18138 (197 used) [2011/10/11 16:43:34.086998, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.087023, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61124 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.087236, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.087500, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.087551, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.087593, 3] smbd/process.c:1661(process_smb) Transaction 7936 of length 45 (0 toread) [2011/10/11 16:43:34.087635, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.087660, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61188 smt_wct=3 smb_vwv[ 0]=18139 (0x46DB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.087921, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.087947, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.087993, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.088036, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.088483, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.088612, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.088667, 3] smbd/reply.c:4850(reply_close) close fd=191 fnum=18139 (numopen=86) [2011/10/11 16:43:34.088709, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.088767, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt, file_id = 801:109a3b:0 gen_id = 700 has kernel oplock state of 1. 
[2011/10/11 16:43:34.088827, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003B9A [2011/10/11 16:43:34.088875, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.088917, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 17:34:58 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.088980, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7628, type= 0x3, gen_id = 700, uid = 0, flags = 0, file_id 801:109a3b:0, name_hash = 0x43447f7a [2011/10/11 16:43:34.089030, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x43447f7a [2011/10/11 16:43:34.089097, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003B9A [2011/10/11 16:43:34.089151, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt = 0 [2011/10/11 16:43:34.089196, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt [2011/10/11 16:43:34.089244, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt (numopen=85) NT_STATUS_OK [2011/10/11 16:43:34.089289, 5] smbd/files.c:464(file_free) freed files structure 18139 (196 used) [2011/10/11 16:43:34.089335, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.089360, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61188 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.089597, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.089853, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.089903, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.089946, 3] smbd/process.c:1661(process_smb) Transaction 7937 of length 45 (0 toread) [2011/10/11 16:43:34.089988, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.090012, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61252 smt_wct=3 smb_vwv[ 0]=18140 (0x46DC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.090274, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.090302, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.090347, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.090391, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.090838, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 
10001 Group[ 3]: 10003 [2011/10/11 16:43:34.090968, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.091023, 3] smbd/reply.c:4850(reply_close) close fd=192 fnum=18140 (numopen=85) [2011/10/11 16:43:34.091066, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.091126, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe, file_id = 801:109a3a:0 gen_id = 701 has kernel oplock state of 1. [2011/10/11 16:43:34.091203, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003A9A [2011/10/11 16:43:34.091253, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.091295, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:04:00 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.091359, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7784, type= 0x3, gen_id = 701, uid = 0, flags = 0, file_id 801:109a3a:0, name_hash = 0xb334d47d [2011/10/11 16:43:34.091409, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb334d47d [2011/10/11 16:43:34.091454, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003A9A [2011/10/11 16:43:34.091508, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe = 0 [2011/10/11 16:43:34.091553, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe [2011/10/11 
16:43:34.091600, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe (numopen=84) NT_STATUS_OK [2011/10/11 16:43:34.091645, 5] smbd/files.c:464(file_free) freed files structure 18140 (195 used) [2011/10/11 16:43:34.091691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.091716, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61252 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.091931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.092182, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.092231, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.092273, 3] smbd/process.c:1661(process_smb) Transaction 7938 of length 45 (0 toread) [2011/10/11 16:43:34.092315, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.092340, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61316 smt_wct=3 smb_vwv[ 0]=18141 (0x46DD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.092601, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.092628, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.092674, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.092717, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.093164, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.093310, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.093364, 3] smbd/reply.c:4850(reply_close) close fd=193 fnum=18141 (numopen=84) [2011/10/11 16:43:34.093447, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.093508, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb, file_id = 801:105b66:0 gen_id = 702 has kernel oplock state of 1. 
[2011/10/11 16:43:34.093569, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000665B [2011/10/11 16:43:34.093618, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.093660, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.093725, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x84b0, type= 0x3, gen_id = 702, uid = 0, flags = 0, file_id 801:105b66:0, name_hash = 0xbdd671e7 [2011/10/11 16:43:34.093775, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbdd671e7 [2011/10/11 16:43:34.093820, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000665B [2011/10/11 16:43:34.093874, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb = 0 [2011/10/11 16:43:34.093919, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb [2011/10/11 16:43:34.093967, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb (numopen=83) NT_STATUS_OK [2011/10/11 16:43:34.094012, 5] smbd/files.c:464(file_free) freed files structure 18141 (194 used) [2011/10/11 16:43:34.094058, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.094083, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61316 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.094296, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:34.094554, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.094604, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.094646, 3] smbd/process.c:1661(process_smb) Transaction 7939 of length 45 (0 toread) [2011/10/11 16:43:34.094688, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.094713, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61380 smt_wct=3 smb_vwv[ 0]=18142 (0x46DE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.094975, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.095003, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.095048, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.095092, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.095559, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.095689, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.095746, 3] smbd/reply.c:4850(reply_close) close fd=194 fnum=18142 (numopen=83) [2011/10/11 16:43:34.095788, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.095848, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/Module1.xba, file_id = 801:105b65:0 gen_id = 703 has kernel oplock state of 1. [2011/10/11 16:43:34.095909, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000655B [2011/10/11 16:43:34.095957, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.095999, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.096064, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x84db, type= 0x3, gen_id = 703, uid = 0, flags = 0, file_id 801:105b65:0, name_hash = 0xbb46dac3 [2011/10/11 16:43:34.096114, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbb46dac3 [2011/10/11 16:43:34.096159, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000655B [2011/10/11 16:43:34.096213, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/Module1.xba = 0 [2011/10/11 16:43:34.096258, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/basic/Standard/Module1.xba [2011/10/11 16:43:34.096306, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/Module1.xba (numopen=82) NT_STATUS_OK [2011/10/11 16:43:34.096350, 5] smbd/files.c:464(file_free) freed files structure 18142 (193 used) [2011/10/11 16:43:34.096396, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.096421, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61380 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.096634, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.096852, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.096901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.096944, 3] smbd/process.c:1661(process_smb) Transaction 7940 of length 45 (0 toread) [2011/10/11 16:43:34.096986, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.097010, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61444 smt_wct=3 smb_vwv[ 0]=18143 (0x46DF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.097289, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.097316, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.097361, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.097426, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.097874, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.098004, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.098056, 3] smbd/reply.c:4850(reply_close) close fd=195 fnum=18143 (numopen=82) [2011/10/11 16:43:34.098098, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.098158, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb, file_id = 801:105b64:0 gen_id = 704 has kernel oplock state of 1. 
[2011/10/11 16:43:34.098218, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000645B [2011/10/11 16:43:34.098267, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.098308, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.098373, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x851a, type= 0x3, gen_id = 704, uid = 0, flags = 0, file_id 801:105b64:0, name_hash = 0x532884fb [2011/10/11 16:43:34.098422, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x532884fb [2011/10/11 16:43:34.098467, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000645B [2011/10/11 16:43:34.098521, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb = 0 [2011/10/11 16:43:34.098566, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb [2011/10/11 16:43:34.098613, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb (numopen=81) NT_STATUS_OK [2011/10/11 16:43:34.098657, 5] smbd/files.c:464(file_free) freed files structure 18143 (192 used) [2011/10/11 16:43:34.098717, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.098743, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61444 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.098955, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:34.099150, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.099201, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.099243, 3] smbd/process.c:1661(process_smb) Transaction 7941 of length 45 (0 toread) [2011/10/11 16:43:34.099285, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.099310, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61508 smt_wct=3 smb_vwv[ 0]=18144 (0x46E0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.099571, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.099598, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.099643, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.099687, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.100132, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.100260, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.100313, 3] smbd/reply.c:4850(reply_close) close fd=196 fnum=18144 (numopen=81) [2011/10/11 16:43:34.100355, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.100415, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc, file_id = 801:101a69:0 gen_id = 705 has kernel oplock state of 1. [2011/10/11 16:43:34.100475, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000691A [2011/10/11 16:43:34.100523, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.100565, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.100629, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8567, type= 0x3, gen_id = 705, uid = 0, flags = 0, file_id 801:101a69:0, name_hash = 0x2a431e9c [2011/10/11 16:43:34.100678, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2a431e9c [2011/10/11 16:43:34.100723, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000691A [2011/10/11 16:43:34.100796, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc = 0 [2011/10/11 16:43:34.100841, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc 
[2011/10/11 16:43:34.100888, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc (numopen=80) NT_STATUS_OK [2011/10/11 16:43:34.100933, 5] smbd/files.c:464(file_free) freed files structure 18144 (191 used) [2011/10/11 16:43:34.100979, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.101004, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61508 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.101219, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.101694, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.101745, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.101787, 3] smbd/process.c:1661(process_smb) Transaction 7942 of length 45 (0 toread) [2011/10/11 16:43:34.101829, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.101854, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61572 smt_wct=3 smb_vwv[ 0]=18145 (0x46E1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.102115, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.102142, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.102188, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.102232, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.102678, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.102808, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.102861, 3] smbd/reply.c:4850(reply_close) close fd=197 fnum=18145 (numopen=80) [2011/10/11 16:43:34.102904, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.102964, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc, file_id = 801:101a61:0 gen_id = 706 has kernel oplock state of 1. 
[2011/10/11 16:43:34.103023, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000611A [2011/10/11 16:43:34.103089, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.103132, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.103197, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x85d7, type= 0x3, gen_id = 706, uid = 0, flags = 0, file_id 801:101a61:0, name_hash = 0xc4276ee0 [2011/10/11 16:43:34.103246, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc4276ee0 [2011/10/11 16:43:34.103291, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000611A [2011/10/11 16:43:34.103345, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc = 0 [2011/10/11 16:43:34.103390, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc [2011/10/11 16:43:34.103437, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc (numopen=79) NT_STATUS_OK [2011/10/11 16:43:34.103482, 5] smbd/files.c:464(file_free) freed files structure 18145 (190 used) [2011/10/11 16:43:34.103528, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.103553, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61572 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.103768, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.104341, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.104390, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.104432, 3] smbd/process.c:1661(process_smb) Transaction 7943 of length 45 (0 toread) [2011/10/11 16:43:34.104474, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.104499, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61636 smt_wct=3 smb_vwv[ 0]=18146 (0x46E2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.104760, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.104787, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.104832, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.104875, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.105322, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.105489, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.105544, 3] smbd/reply.c:4850(reply_close) close fd=198 fnum=18146 (numopen=79) [2011/10/11 16:43:34.105586, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.105645, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau, file_id = 801:f87c7:0 gen_id = 707 has kernel oplock state of 1. [2011/10/11 16:43:34.105706, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C787 [2011/10/11 16:43:34.105753, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.105795, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jan 28 18:00:04 2005 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.105859, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x860e, type= 0x3, gen_id = 707, uid = 0, flags = 0, file_id 801:f87c7:0, name_hash = 0x73399ab4 [2011/10/11 16:43:34.105909, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x73399ab4 [2011/10/11 16:43:34.105953, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C787 [2011/10/11 16:43:34.106007, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau = 0 [2011/10/11 16:43:34.106052, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau [2011/10/11 16:43:34.106099, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau (numopen=78) NT_STATUS_OK [2011/10/11 16:43:34.106144, 5] smbd/files.c:464(file_free) freed files structure 18146 (189 used) [2011/10/11 16:43:34.106190, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.106215, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61636 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.106429, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.106985, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.107036, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.107078, 3] smbd/process.c:1661(process_smb) Transaction 7944 of length 45 (0 toread) [2011/10/11 16:43:34.107120, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.107144, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61700 smt_wct=3 smb_vwv[ 0]=18147 (0x46E3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.107406, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.107433, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.107479, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.107522, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.107986, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.108115, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.108169, 3] smbd/reply.c:4850(reply_close) close fd=199 fnum=18147 (numopen=78) [2011/10/11 16:43:34.108211, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.108270, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock, file_id = 801:ec76f:0 gen_id = 708 has kernel oplock state of 1. 
[2011/10/11 16:43:34.108330, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006FC7 [2011/10/11 16:43:34.108377, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.108419, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:09:40 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.108484, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8744, type= 0x3, gen_id = 708, uid = 0, flags = 0, file_id 801:ec76f:0, name_hash = 0xd26c2640 [2011/10/11 16:43:34.108533, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd26c2640 [2011/10/11 16:43:34.108578, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006FC7 [2011/10/11 16:43:34.108632, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock = 0 [2011/10/11 16:43:34.108676, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock [2011/10/11 16:43:34.108723, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock (numopen=77) NT_STATUS_OK [2011/10/11 16:43:34.108767, 5] smbd/files.c:464(file_free) freed files structure 18147 (188 used) [2011/10/11 16:43:34.108814, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.108840, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61700 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.109055, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.109647, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) 
got smb length of 41 [2011/10/11 16:43:34.109698, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.109740, 3] smbd/process.c:1661(process_smb) Transaction 7945 of length 45 (0 toread) [2011/10/11 16:43:34.109782, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.109807, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61764 smt_wct=3 smb_vwv[ 0]=18149 (0x46E5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.110087, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.110114, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.110160, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.110204, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.110650, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.110779, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.110835, 3] smbd/reply.c:4850(reply_close) close fd=201 fnum=18149 (numopen=77) [2011/10/11 16:43:34.110877, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.110935, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs, file_id = 801:a094c:0 gen_id = 710 has kernel oplock state of 1. [2011/10/11 16:43:34.110995, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004C09 [2011/10/11 16:43:34.111043, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.111085, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.111149, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x949b, type= 0x3, gen_id = 710, uid = 0, flags = 0, file_id 801:a094c:0, name_hash = 0x12e571e5 [2011/10/11 16:43:34.111198, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x12e571e5 [2011/10/11 16:43:34.111246, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004C09 [2011/10/11 16:43:34.111299, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs = 0 [2011/10/11 16:43:34.111343, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs [2011/10/11 16:43:34.111389, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs (numopen=76) NT_STATUS_OK [2011/10/11 
16:43:34.111433, 5] smbd/files.c:464(file_free) freed files structure 18149 (187 used) [2011/10/11 16:43:34.111479, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.111503, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61764 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.111717, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.112308, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.112357, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.112399, 3] smbd/process.c:1661(process_smb) Transaction 7946 of length 45 (0 toread) [2011/10/11 16:43:34.112441, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.112466, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61828 smt_wct=3 smb_vwv[ 0]=18151 (0x46E7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.112726, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.112752, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.112797, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.112840, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: 
SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.113283, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.113432, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.113483, 3] smbd/reply.c:4850(reply_close) close fd=203 fnum=18151 (numopen=76) [2011/10/11 16:43:34.113526, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.113584, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget, file_id = 801:a094a:0 gen_id = 712 has kernel oplock state of 1. 
[2011/10/11 16:43:34.113644, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004A09 [2011/10/11 16:43:34.113692, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.113733, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.113797, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9527, type= 0x3, gen_id = 712, uid = 0, flags = 0, file_id 801:a094a:0, name_hash = 0x5c52c27a [2011/10/11 16:43:34.113846, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5c52c27a [2011/10/11 16:43:34.113891, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004A09 [2011/10/11 16:43:34.113944, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget = 0 [2011/10/11 16:43:34.113988, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget [2011/10/11 16:43:34.114051, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget (numopen=75) NT_STATUS_OK [2011/10/11 16:43:34.114096, 5] smbd/files.c:464(file_free) freed files structure 18151 (186 used) [2011/10/11 16:43:34.114142, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.114167, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61828 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.114380, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.114955, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.115005, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.115047, 3] smbd/process.c:1661(process_smb) Transaction 7947 of length 45 (0 toread) [2011/10/11 16:43:34.115089, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.115114, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61892 smt_wct=3 smb_vwv[ 0]=18148 (0x46E4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.115375, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.115402, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.115447, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.115490, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.115936, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.116065, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.116118, 3] smbd/reply.c:4850(reply_close) close fd=200 fnum=18148 (numopen=75) [2011/10/11 16:43:34.116160, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.116220, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/.svn/entries, file_id = 801:c87e6:0 gen_id = 709 has kernel oplock state of 1. [2011/10/11 16:43:34.116281, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E687 [2011/10/11 16:43:34.116329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.116371, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.116435, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9470, type= 0x3, gen_id = 709, uid = 0, flags = 0, file_id 801:c87e6:0, name_hash = 0x55616db8 [2011/10/11 16:43:34.116502, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x55616db8 [2011/10/11 16:43:34.116548, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E687 [2011/10/11 16:43:34.116602, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/.svn/entries = 0 [2011/10/11 16:43:34.116646, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/.svn/entries [2011/10/11 16:43:34.116692, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application 
Data/.svn/entries (numopen=74) NT_STATUS_OK [2011/10/11 16:43:34.116736, 5] smbd/files.c:464(file_free) freed files structure 18148 (185 used) [2011/10/11 16:43:34.116780, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.116805, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61892 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.117022, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.117606, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.117657, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.117699, 3] smbd/process.c:1661(process_smb) Transaction 7948 of length 45 (0 toread) [2011/10/11 16:43:34.117741, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.117766, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61956 smt_wct=3 smb_vwv[ 0]=18150 (0x46E6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.118029, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.118056, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.118101, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.118145, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: 
SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.118593, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.118723, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.118776, 3] smbd/reply.c:4850(reply_close) close fd=202 fnum=18150 (numopen=74) [2011/10/11 16:43:34.118819, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.118879, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/desktop.ini, file_id = 801:a094b:0 gen_id = 711 has kernel oplock state of 1. 
[2011/10/11 16:43:34.118955, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004B09 [2011/10/11 16:43:34.119004, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.119047, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.119111, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x94da, type= 0x3, gen_id = 711, uid = 0, flags = 0, file_id 801:a094b:0, name_hash = 0xa5a3b88a [2011/10/11 16:43:34.119160, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa5a3b88a [2011/10/11 16:43:34.119205, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004B09 [2011/10/11 16:43:34.119259, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/desktop.ini = 0 [2011/10/11 16:43:34.119303, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/desktop.ini [2011/10/11 16:43:34.119349, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/desktop.ini (numopen=73) NT_STATUS_OK [2011/10/11 16:43:34.119393, 5] smbd/files.c:464(file_free) freed files structure 18150 (184 used) [2011/10/11 16:43:34.119440, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.119465, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61956 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.119682, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.120580, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.120629, 6] 
smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.120671, 3] smbd/process.c:1661(process_smb) Transaction 7949 of length 45 (0 toread) [2011/10/11 16:43:34.120713, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.120738, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62020 smt_wct=3 smb_vwv[ 0]=18152 (0x46E8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.121000, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.121026, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.121072, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.121115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.121583, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.121730, 5] smbd/uid.c:317(change_to_user_internal) Impersonated 
user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.121785, 3] smbd/reply.c:4850(reply_close) close fd=204 fnum=18152 (numopen=73) [2011/10/11 16:43:34.121828, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.121889, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Kladblok.lnk, file_id = 801:a0947:0 gen_id = 713 has kernel oplock state of 1. [2011/10/11 16:43:34.121949, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004709 [2011/10/11 16:43:34.121997, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.122040, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.122103, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9597, type= 0x3, gen_id = 713, uid = 0, flags = 0, file_id 801:a0947:0, name_hash = 0xf5d4e713 [2011/10/11 16:43:34.122153, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf5d4e713 [2011/10/11 16:43:34.122197, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004709 [2011/10/11 16:43:34.122252, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Kladblok.lnk = 0 [2011/10/11 16:43:34.122296, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Kladblok.lnk [2011/10/11 16:43:34.122342, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Kladblok.lnk (numopen=72) NT_STATUS_OK [2011/10/11 16:43:34.122386, 5] smbd/files.c:464(file_free) freed files structure 18152 (183 used) 
[2011/10/11 16:43:34.122432, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.122457, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62020 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.122671, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.122870, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.122920, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.122962, 3] smbd/process.c:1661(process_smb) Transaction 7950 of length 45 (0 toread) [2011/10/11 16:43:34.123003, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.123028, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62084 smt_wct=3 smb_vwv[ 0]=18153 (0x46E9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.123290, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.123317, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.123362, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.123406, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege 
Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.123868, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.123997, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.124049, 3] smbd/reply.c:4850(reply_close) close fd=205 fnum=18153 (numopen=72) [2011/10/11 16:43:34.124092, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.124150, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Iview.lnk, file_id = 801:a0946:0 gen_id = 714 has kernel oplock state of 1. [2011/10/11 16:43:34.124210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004609 [2011/10/11 16:43:34.124258, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.124299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.124363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x95ce, type= 0x3, gen_id = 714, uid = 0, flags = 0, file_id 801:a0946:0, name_hash = 0xf30d0291 [2011/10/11 16:43:34.124413, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf30d0291 [2011/10/11 16:43:34.124458, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004609 [2011/10/11 16:43:34.124512, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for 
file ando.192.168.68.2.v2/SendTo/Iview.lnk = 0 [2011/10/11 16:43:34.124555, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Iview.lnk [2011/10/11 16:43:34.124601, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Iview.lnk (numopen=71) NT_STATUS_OK [2011/10/11 16:43:34.124645, 5] smbd/files.c:464(file_free) freed files structure 18153 (182 used) [2011/10/11 16:43:34.124691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.124717, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62084 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.124932, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.125113, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.125162, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.125205, 3] smbd/process.c:1661(process_smb) Transaction 7951 of length 45 (0 toread) [2011/10/11 16:43:34.125246, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.125271, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62148 smt_wct=3 smb_vwv[ 0]=18154 (0x46EA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.125553, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.125580, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.125641, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.125686, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 
SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.126133, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.126263, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.126316, 3] smbd/reply.c:4850(reply_close) close fd=206 fnum=18154 (numopen=71) [2011/10/11 16:43:34.126359, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.126418, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Wordpad.lnk, file_id = 801:a0945:0 gen_id = 715 has kernel oplock state of 1. 
[2011/10/11 16:43:34.126478, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004509 [2011/10/11 16:43:34.126525, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.126567, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.126631, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9704, type= 0x3, gen_id = 715, uid = 0, flags = 0, file_id 801:a0945:0, name_hash = 0xb9d38ec3 [2011/10/11 16:43:34.126681, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb9d38ec3 [2011/10/11 16:43:34.126726, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004509 [2011/10/11 16:43:34.126780, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Wordpad.lnk = 0 [2011/10/11 16:43:34.126823, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Wordpad.lnk [2011/10/11 16:43:34.126869, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Wordpad.lnk (numopen=70) NT_STATUS_OK [2011/10/11 16:43:34.126913, 5] smbd/files.c:464(file_free) freed files structure 18154 (181 used) [2011/10/11 16:43:34.126960, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.126985, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62148 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.127199, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.127385, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.127435, 6] 
smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.127477, 3] smbd/process.c:1661(process_smb) Transaction 7952 of length 45 (0 toread) [2011/10/11 16:43:34.127536, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.127561, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62212 smt_wct=3 smb_vwv[ 0]=18155 (0x46EB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.127824, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.127851, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.127897, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.127941, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.128388, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.128517, 5] smbd/uid.c:317(change_to_user_internal) Impersonated 
user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.128569, 3] smbd/reply.c:4850(reply_close) close fd=207 fnum=18155 (numopen=70) [2011/10/11 16:43:34.128611, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.128670, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink, file_id = 801:a0944:0 gen_id = 716 has kernel oplock state of 1. [2011/10/11 16:43:34.128729, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004409 [2011/10/11 16:43:34.128777, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.128819, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.128883, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa29b, type= 0x3, gen_id = 716, uid = 0, flags = 0, file_id 801:a0944:0, name_hash = 0x4f3a1eb9 [2011/10/11 16:43:34.128933, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4f3a1eb9 [2011/10/11 16:43:34.128978, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004409 [2011/10/11 16:43:34.129031, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink = 0 [2011/10/11 16:43:34.129076, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink [2011/10/11 16:43:34.129123, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink (numopen=69) 
NT_STATUS_OK [2011/10/11 16:43:34.129187, 5] smbd/files.c:464(file_free) freed files structure 18155 (180 used) [2011/10/11 16:43:34.129235, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.129260, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62212 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.129498, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.129687, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.129737, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.129779, 3] smbd/process.c:1661(process_smb) Transaction 7953 of length 45 (0 toread) [2011/10/11 16:43:34.129821, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.129846, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62276 smt_wct=3 smb_vwv[ 0]=18156 (0x46EC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.130107, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.130134, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.130180, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.130224, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege 
Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.130671, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.130801, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.130853, 3] smbd/reply.c:4850(reply_close) close fd=208 fnum=18156 (numopen=69) [2011/10/11 16:43:34.130896, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.130955, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail, file_id = 801:a0943:0 gen_id = 717 has kernel oplock state of 1. 
[2011/10/11 16:43:34.131015, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004309 [2011/10/11 16:43:34.131068, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.131110, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.131175, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa327, type= 0x3, gen_id = 717, uid = 0, flags = 0, file_id 801:a0943:0, name_hash = 0x6e92fbd6 [2011/10/11 16:43:34.131224, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6e92fbd6 [2011/10/11 16:43:34.131287, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004309 [2011/10/11 16:43:34.131342, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail = 0 [2011/10/11 16:43:34.131386, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail [2011/10/11 16:43:34.131432, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail (numopen=68) NT_STATUS_OK [2011/10/11 16:43:34.131476, 5] smbd/files.c:464(file_free) freed files structure 18156 (179 used) [2011/10/11 16:43:34.131523, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.131548, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62276 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.131764, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.131985, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 
[2011/10/11 16:43:34.132034, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.132076, 3] smbd/process.c:1661(process_smb) Transaction 7954 of length 45 (0 toread) [2011/10/11 16:43:34.132117, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.132142, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62340 smt_wct=3 smb_vwv[ 0]=18157 (0x46ED) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.132403, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.132430, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.132475, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.132518, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.132964, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.133093, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.133146, 3] smbd/reply.c:4850(reply_close) close fd=209 fnum=18157 (numopen=68) [2011/10/11 16:43:34.133188, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.133246, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/entries, file_id = 801:a4aac:0 gen_id = 718 has kernel oplock state of 1. [2011/10/11 16:43:34.133305, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC4A [2011/10/11 16:43:34.133369, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.133434, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.133498, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa430, type= 0x3, gen_id = 718, uid = 0, flags = 0, file_id 801:a4aac:0, name_hash = 0xecd1d6d9 [2011/10/11 16:43:34.133548, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xecd1d6d9 [2011/10/11 16:43:34.133593, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC4A [2011/10/11 16:43:34.133647, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/entries = 0 [2011/10/11 16:43:34.133691, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/entries [2011/10/11 16:43:34.133736, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/entries (numopen=67) NT_STATUS_OK [2011/10/11 16:43:34.133780, 5] 
smbd/files.c:464(file_free) freed files structure 18157 (178 used) [2011/10/11 16:43:34.133827, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.133853, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62340 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.134068, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.134256, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.134306, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.134348, 3] smbd/process.c:1661(process_smb) Transaction 7955 of length 45 (0 toread) [2011/10/11 16:43:34.134390, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.134415, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62404 smt_wct=3 smb_vwv[ 0]=18158 (0x46EE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.134676, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.134703, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.134748, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.134792, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege 
Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.135240, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.135368, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.135437, 3] smbd/reply.c:4850(reply_close) close fd=210 fnum=18158 (numopen=67) [2011/10/11 16:43:34.135480, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.135539, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base, file_id = 801:c465c:0 gen_id = 719 has kernel oplock state of 1. 
[2011/10/11 16:43:34.135600, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005C46 [2011/10/11 16:43:34.135652, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.135694, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.135758, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa49a, type= 0x3, gen_id = 719, uid = 0, flags = 0, file_id 801:c465c:0, name_hash = 0xced45b08 [2011/10/11 16:43:34.135807, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xced45b08 [2011/10/11 16:43:34.135856, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005C46 [2011/10/11 16:43:34.135910, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base = 0 [2011/10/11 16:43:34.135955, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base [2011/10/11 16:43:34.136001, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base (numopen=66) NT_STATUS_OK [2011/10/11 16:43:34.136045, 5] smbd/files.c:464(file_free) freed files structure 18158 (177 used) [2011/10/11 16:43:34.136091, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.136117, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62404 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.136331, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.136514, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.136563, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.136605, 3] smbd/process.c:1661(process_smb) Transaction 7956 of length 45 (0 toread) [2011/10/11 16:43:34.136647, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.136671, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62468 smt_wct=3 smb_vwv[ 0]=18159 (0x46EF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.136931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.136958, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.137003, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.137047, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.137528, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.137657, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.137711, 3] smbd/reply.c:4850(reply_close) close fd=211 fnum=18159 (numopen=66) [2011/10/11 16:43:34.137754, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.137813, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base, file_id = 801:c4653:0 gen_id = 720 has kernel oplock state of 1. [2011/10/11 16:43:34.137872, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005346 [2011/10/11 16:43:34.137920, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.137962, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.138025, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa557, type= 0x3, gen_id = 720, uid = 0, flags = 0, file_id 801:c4653:0, name_hash = 0x9102dff6 [2011/10/11 16:43:34.138075, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9102dff6 [2011/10/11 16:43:34.138120, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005346 [2011/10/11 16:43:34.138174, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base = 0 [2011/10/11 16:43:34.138218, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base [2011/10/11 16:43:34.138265, 2] smbd/close.c:691(close_normal_file) ando closed file 
ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base (numopen=65) NT_STATUS_OK [2011/10/11 16:43:34.138310, 5] smbd/files.c:464(file_free) freed files structure 18159 (176 used) [2011/10/11 16:43:34.138356, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.138381, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62468 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.138596, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.138781, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.138831, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.138874, 3] smbd/process.c:1661(process_smb) Transaction 7957 of length 45 (0 toread) [2011/10/11 16:43:34.138915, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.138940, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62532 smt_wct=3 smb_vwv[ 0]=18160 (0x46F0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.139201, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.139228, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.139292, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.139336, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: 
S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.139784, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.139914, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.139966, 3] smbd/reply.c:4850(reply_close) close fd=212 fnum=18160 (numopen=65) [2011/10/11 16:43:34.140008, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.140067, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base, file_id = 801:c4652:0 gen_id = 721 has kernel oplock state of 1. 
[2011/10/11 16:43:34.140127, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005246 [2011/10/11 16:43:34.140175, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.140218, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.140282, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa58e, type= 0x3, gen_id = 721, uid = 0, flags = 0, file_id 801:c4652:0, name_hash = 0xaf77a2e4 [2011/10/11 16:43:34.140331, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaf77a2e4 [2011/10/11 16:43:34.140377, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005246 [2011/10/11 16:43:34.140431, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base = 0 [2011/10/11 16:43:34.140476, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base [2011/10/11 16:43:34.140524, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base (numopen=64) NT_STATUS_OK [2011/10/11 16:43:34.140569, 5] smbd/files.c:464(file_free) freed files structure 18160 (175 used) [2011/10/11 16:43:34.140616, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.140641, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62532 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.140855, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.141054, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.141105, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.141147, 3] smbd/process.c:1661(process_smb) Transaction 7958 of length 45 (0 toread) [2011/10/11 16:43:34.141188, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.141213, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62596 smt_wct=3 smb_vwv[ 0]=18161 (0x46F1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.141496, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.141523, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.141568, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.141612, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.142058, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.142187, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.142240, 3] smbd/reply.c:4850(reply_close) close fd=213 fnum=18161 (numopen=64) [2011/10/11 16:43:34.142282, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.142341, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base, file_id = 801:c4651:0 gen_id = 722 has kernel oplock state of 1. [2011/10/11 16:43:34.142400, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005146 [2011/10/11 16:43:34.142448, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.142490, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.142553, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa6c4, type= 0x3, gen_id = 722, uid = 0, flags = 0, file_id 801:c4651:0, name_hash = 0xc3bc86bb [2011/10/11 16:43:34.142603, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc3bc86bb [2011/10/11 16:43:34.142648, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005146 [2011/10/11 16:43:34.142702, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base = 0 [2011/10/11 16:43:34.142746, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base [2011/10/11 16:43:34.142810, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base (numopen=63) NT_STATUS_OK [2011/10/11 16:43:34.142855, 5] smbd/files.c:464(file_free) freed files structure 18161 (174 used) [2011/10/11 16:43:34.142901, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.142926, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62596 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.143143, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.068359, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 202 [2011/10/11 16:43:35.068495, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xca [2011/10/11 16:43:35.068539, 3] smbd/process.c:1661(process_smb) Transaction 7959 of length 206 (0 toread) [2011/10/11 16:43:35.068582, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.068607, 5] lib/util.c:341(show_msg) size=202 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62660 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29696 (0x7400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=119 [2011/10/11 16:43:35.069211, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 .I.n.t.e .r.n.e.t [0030] 00 20 
00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 . .E.x.p .l.o.r.e [0040] 00 72 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 .r.\.Q.u .i.c.k. [0050] 00 4C 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 .L.a.u.n .c.h.\.U [0060] 00 73 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E .s.e.r. .P.i.n.n [0070] 00 65 00 64 00 00 00 .e.d... [2011/10/11 16:43:35.069524, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.069575, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.069620, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.070077, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.070241, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.070286, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:35.070341, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x81 file_attributes = 
0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070389, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned" [2011/10/11 16:43:35.070436, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned] [2011/10/11 16:43:35.070490, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070542, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070595, 5] smbd/files.c:126(file_new) allocated file structure 14405, fnum = 18501 (175 used) [2011/10/11 16:43:35.070643, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned hash 0x88599df8 [2011/10/11 16:43:35.070690, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Internet Explorer/Quick Launch/User Pinned) returning 0600 [2011/10/11 16:43:35.070733, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, dos_attrs=0x0 access_mask=0x81 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 
16:43:35.070780, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070824, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.070867, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070909, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.070950, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.070993, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, after mapping access_mask=0x81 [2011/10/11 16:43:35.071048, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.071103, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88640 [2011/10/11 16:43:35.071146, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:40408f:0 [2011/10/11 16:43:35.071191, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.071253, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.071301, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88880 [2011/10/11 16:43:35.071343, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.071410, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.071476, 10] locking/locking.c:1610(get_delete_on_close_token) 
get_delete_on_close_token: name_hash = 0x88599df8 [2011/10/11 16:43:35.071519, 10] smbd/open.c:731(share_conflict) share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x0 [2011/10/11 16:43:35.071562, 10] smbd/open.c:734(share_conflict) share_conflict: access_mask = 0x81, share_access = 0x7 [2011/10/11 16:43:35.071604, 10] smbd/open.c:783(share_conflict) share_conflict: [1] am (0x100081) & right (0x6) = 0x0 [2011/10/11 16:43:35.071646, 10] smbd/open.c:783(share_conflict) share_conflict: [1] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.071688, 10] smbd/open.c:785(share_conflict) share_conflict: [2] am (0x81) & right (0x6) = 0x0 [2011/10/11 16:43:35.071730, 10] smbd/open.c:785(share_conflict) share_conflict: [2] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.071772, 10] smbd/open.c:788(share_conflict) share_conflict: [3] am (0x100081) & right (0x21) = 0x1 [2011/10/11 16:43:35.071814, 10] smbd/open.c:788(share_conflict) share_conflict: [3] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.071855, 10] smbd/open.c:790(share_conflict) share_conflict: [4] am (0x81) & right (0x21) = 0x1 [2011/10/11 16:43:35.071897, 10] smbd/open.c:790(share_conflict) share_conflict: [4] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.071939, 10] smbd/open.c:793(share_conflict) share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 [2011/10/11 16:43:35.071981, 10] smbd/open.c:793(share_conflict) share_conflict: [5] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.072023, 10] smbd/open.c:795(share_conflict) share_conflict: [6] am (0x81) & right (0x10000) = 0x0 [2011/10/11 16:43:35.072065, 10] smbd/open.c:795(share_conflict) share_conflict: [6] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.072107, 10] smbd/open.c:797(share_conflict) share_conflict: No conflict. 
[2011/10/11 16:43:35.072149, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x0 on file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.072193, 4] smbd/open.c:2228(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0600, access_mask = 0x81, open_access_mask = 0x81 [2011/10/11 16:43:35.072246, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, flags = 00 mode = 0600, fd = 31. [2011/10/11 16:43:35.072292, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned = 0 [2011/10/11 16:43:35.072337, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.072383, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.072436, 5] smbd/files.c:464(file_free) freed files structure 18501 (174 used) [2011/10/11 16:43:35.072480, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2011/10/11 16:43:35.072527, 10] smbd/posix_acls.c:3500(posix_get_nt_acl) posix_get_nt_acl: called for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.072589, 10] smbd/posix_acls.c:2625(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2011/10/11 16:43:35.072631, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.283593, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 1. 
Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2011/10/11 16:43:35.284778, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2011/10/11 16:43:35.284939, 10] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.285763, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2011/10/11 16:43:35.285822, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.285864, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.285916, 10] smbd/open.c:122(smbd_check_open_rights) smbd_check_open_rights: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned requesting 0x81 returning 0x81 (NT_STATUS_OK) [2011/10/11 16:43:35.285969, 5] smbd/files.c:126(file_new) allocated file structure 14406, fnum = 18502 (175 used) [2011/10/11 16:43:35.286019, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned hash 0x88599df8 [2011/10/11 16:43:35.286075, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, flags = 0200000 mode = 00, fd = 31. 
[2011/10/11 16:43:35.286133, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.286192, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0a519f0 [2011/10/11 16:43:35.286235, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.286304, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.286355, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x88599df8 [2011/10/11 16:43:35.286398, 10] smbd/open.c:731(share_conflict) share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x0 [2011/10/11 16:43:35.286440, 10] smbd/open.c:734(share_conflict) share_conflict: access_mask = 0x81, share_access = 0x7 [2011/10/11 16:43:35.286482, 10] smbd/open.c:783(share_conflict) share_conflict: [1] am (0x100081) & right (0x6) = 0x0 [2011/10/11 16:43:35.286524, 10] smbd/open.c:783(share_conflict) share_conflict: [1] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.286565, 10] smbd/open.c:785(share_conflict) share_conflict: [2] am (0x81) & right (0x6) = 0x0 [2011/10/11 16:43:35.286607, 10] smbd/open.c:785(share_conflict) share_conflict: [2] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.286649, 10] smbd/open.c:788(share_conflict) share_conflict: [3] am (0x100081) & right (0x21) = 0x1 [2011/10/11 16:43:35.286690, 10] smbd/open.c:788(share_conflict) share_conflict: [3] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.286732, 10] smbd/open.c:790(share_conflict) share_conflict: [4] am (0x81) & right (0x21) = 0x1 [2011/10/11 16:43:35.286774, 10] 
smbd/open.c:790(share_conflict) share_conflict: [4] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.286816, 10] smbd/open.c:793(share_conflict) share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 [2011/10/11 16:43:35.286883, 10] smbd/open.c:793(share_conflict) share_conflict: [5] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.286926, 10] smbd/open.c:795(share_conflict) share_conflict: [6] am (0x81) & right (0x10000) = 0x0 [2011/10/11 16:43:35.286968, 10] smbd/open.c:795(share_conflict) share_conflict: [6] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.287009, 10] smbd/open.c:797(share_conflict) share_conflict: No conflict. [2011/10/11 16:43:35.287055, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 2 [2011/10/11 16:43:35.287121, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287175, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287234, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.287288, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:35.287331, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:35.287376, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.287421, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 
16:43:35.287465, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.287507, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.287548, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.287596, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.287659, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287716, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287773, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18502, open name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.288190, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 202 [2011/10/11 16:43:35.288243, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xca [2011/10/11 16:43:35.288286, 3] smbd/process.c:1661(process_smb) Transaction 7960 of length 206 (0 toread) [2011/10/11 16:43:35.288328, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.288353, 5] lib/util.c:341(show_msg) size=202 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62724 smt_wct=15 smb_vwv[ 0]= 134 (0x86) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) 
smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 134 (0x86) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=137 [2011/10/11 16:43:35.288826, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.289240, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.289290, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.289335, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.289812, 
5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.289947, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.289999, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:35.290053, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/*" [2011/10/11 16:43:35.290101, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/*] [2011/10/11 16:43:35.290145, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned] [2011/10/11 16:43:35.290196, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, start = * [2011/10/11 16:43:35.290246, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, start = * [2011/10/11 16:43:35.290290, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2011/10/11 16:43:35.290332, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? 
[2011/10/11 16:43:35.290374, 5] smbd/filename.c:609(unix_convert) Wildcard * [2011/10/11 16:43:35.290417, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, mask = * [2011/10/11 16:43:35.290479, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.290536, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, expect_close = 1 [2011/10/11 16:43:35.290580, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2011/10/11 16:43:35.290622, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:35.290672, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:35.290726, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/. [2011/10/11 16:43:35.290769, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.290812, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/. 
[2011/10/11 16:43:35.290854, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.290895, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.290950, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.291016, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.291075, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.291123, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/. fname=. (.) [2011/10/11 16:43:35.291172, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:35.291214, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.291261, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:35.291312, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/.. [2011/10/11 16:43:35.291353, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.291395, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/.. 
[2011/10/11 16:43:35.291436, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.291477, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.291523, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:35.291565, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/.. fname=.. (..) [2011/10/11 16:43:35.291610, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16288 [2011/10/11 16:43:35.291651, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.291714, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 40 [2011/10/11 16:43:35.291761, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.291817, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.291861, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.291967, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.292008, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.292055, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:35.292097, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar fname=TaskBar (TaskBar) [2011/10/11 16:43:35.292143, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16188 [2011/10/11 16:43:35.292184, 10] 
smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.292237, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:35.292284, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.292327, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.292369, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.292411, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.292452, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.292498, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:35.292541, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts fname=ImplicitAppShortcuts (ImplicitAppShortcuts) [2011/10/11 16:43:35.292587, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16080 [2011/10/11 16:43:35.292628, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.292675, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: ImplicitAppShortcuts -> 5BB0ED06 -> IPFVKL~I (cache=1) [2011/10/11 16:43:35.292723, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:35.292766, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:35.292808, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:35.292886, 9] 
smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 440, useable_space = 131010 [2011/10/11 16:43:35.292930, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 440, paramsize = 10, datasize = 440 [2011/10/11 16:43:35.292972, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.292997, 5] lib/util.c:341(show_msg) size=508 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62724 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 440 (0x1B8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 440 (0x1B8) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=453 [2011/10/11 16:43:35.293402, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:35.294458, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=* directory=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned dirtype=22 numentries=4 [2011/10/11 16:43:35.294514, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2011/10/11 16:43:35.294840, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:35.294892, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:35.294934, 3] smbd/process.c:1661(process_smb) Transaction 7961 of length 45 (0 toread) [2011/10/11 16:43:35.294976, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.295002, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62788 smt_wct=3 smb_vwv[ 0]=18502 (0x4846) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:35.295264, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.295291, 3] 
smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.295339, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.295384, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.295926, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.296059, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.296105, 3] smbd/reply.c:4840(reply_close) close directory fnum=18502 [2011/10/11 16:43:35.296155, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.296210, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87d80 [2011/10/11 16:43:35.296252, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.296318, 10] locking/locking.c:728(parse_share_modes) 
parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296379, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296429, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x88599df8 [2011/10/11 16:43:35.296472, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 2 [2011/10/11 16:43:35.296536, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296588, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x40, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296636, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.296691, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned = 0 [2011/10/11 16:43:35.296736, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.296783, 5] smbd/files.c:464(file_free) freed files 
structure 18502 (174 used) [2011/10/11 16:43:35.296828, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.296853, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62788 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:35.297066, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.297433, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 244 [2011/10/11 16:43:35.297484, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xf4 [2011/10/11 16:43:35.297526, 3] smbd/process.c:1661(process_smb) Transaction 7962 of length 248 (0 toread) [2011/10/11 16:43:35.297568, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.297593, 5] lib/util.c:341(show_msg) size=244 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62852 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=40448 (0x9E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=161 [2011/10/11 16:43:35.298210, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:35.298595, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.298642, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.298686, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.299133, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.299330, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.299382, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, 
create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299431, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts" [2011/10/11 16:43:35.299479, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/IMPLICITAPPSHORTCUTS] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts] [2011/10/11 16:43:35.299547, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299600, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299652, 5] smbd/files.c:126(file_new) allocated file structure 14407, fnum = 18503 (175 used) [2011/10/11 16:43:35.299700, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts hash 0x73aa9b67 [2011/10/11 16:43:35.299747, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts) returning 0600 [2011/10/11 16:43:35.299790, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/ImplicitAppShortcuts, dos_attrs=0x0 access_mask=0x81 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 16:43:35.299837, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299882, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.299924, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299966, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.300007, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.300051, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, after mapping access_mask=0x81 [2011/10/11 16:43:35.300105, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.300156, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88790 [2011/10/11 16:43:35.300198, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:404152:0 [2011/10/11 16:43:35.300243, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 [2011/10/11 16:43:35.300305, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.300351, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d889d0 [2011/10/11 16:43:35.300395, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.300439, 4] smbd/open.c:2228(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0600, access_mask = 0x81, 
open_access_mask = 0x81 [2011/10/11 16:43:35.300492, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, flags = 00 mode = 0600, fd = 31. [2011/10/11 16:43:35.300539, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts = 0 [2011/10/11 16:43:35.300584, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.300630, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 [2011/10/11 16:43:35.300698, 5] smbd/files.c:464(file_free) freed files structure 18503 (174 used) [2011/10/11 16:43:35.300741, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2011/10/11 16:43:35.300789, 10] smbd/posix_acls.c:3500(posix_get_nt_acl) posix_get_nt_acl: called for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.300852, 10] smbd/posix_acls.c:2625(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2011/10/11 16:43:35.300894, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.300943, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2011/10/11 16:43:35.301674, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 2. 
Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2011/10/11 16:43:35.301781, 10] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.302425, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2011/10/11 16:43:35.302480, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.302523, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.302574, 10] smbd/open.c:122(smbd_check_open_rights) smbd_check_open_rights: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts requesting 0x81 returning 0x81 (NT_STATUS_OK) [2011/10/11 16:43:35.302628, 5] smbd/files.c:126(file_new) allocated file structure 14408, fnum = 18504 (175 used) [2011/10/11 16:43:35.302678, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts hash 0x73aa9b67 [2011/10/11 16:43:35.302735, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, flags = 0200000 mode = 00, fd = 31. 
[2011/10/11 16:43:35.302793, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.302851, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0a122e0 [2011/10/11 16:43:35.302899, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 1 [2011/10/11 16:43:35.302968, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.303017, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 [2011/10/11 16:43:35.303072, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:35.303113, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:35.303159, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.303230, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.303274, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.303317, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.303357, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.303406, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.303471, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 
1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.303528, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18504, open name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.303914, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 244 [2011/10/11 16:43:35.303968, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xf4 [2011/10/11 16:43:35.304010, 3] smbd/process.c:1661(process_smb) Transaction 7963 of length 248 (0 toread) [2011/10/11 16:43:35.304052, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.304077, 5] lib/util.c:341(show_msg) size=244 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62916 smt_wct=15 smb_vwv[ 0]= 176 (0xB0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 176 (0xB0) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=179 [2011/10/11 16:43:35.304529, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 49 .r.o.s.o .f.t.\.I [0030] 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 .n.t.e.r .n.e.t. [0040] 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 .E.x.p.l .o.r.e.r [0050] 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 00 4C .\.Q.u.i .c.k. .L [0060] 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 00 73 .a.u.n.c .h.\.U.s [0070] 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E 00 65 .e.r. 
.P .i.n.n.e [0080] 00 64 00 5C 00 49 00 6D 00 70 00 6C 00 69 00 63 .d.\.I.m .p.l.i.c [0090] 00 69 00 74 00 41 00 70 00 70 00 53 00 68 00 6F .i.t.A.p .p.S.h.o [00A0] 00 72 00 74 00 63 00 75 00 74 00 73 00 5C 00 2A .r.t.c.u .t.s.\.* [00B0] 00 00 00 ... [2011/10/11 16:43:35.304948, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.304996, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.305041, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.305534, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.305669, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.305722, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:35.305775, 5] smbd/filename.c:257(unix_convert) 
unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/*" [2011/10/11 16:43:35.305824, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/IMPLICITAPPSHORTCUTS/*] [2011/10/11 16:43:35.305869, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/IMPLICITAPPSHORTCUTS] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts] [2011/10/11 16:43:35.305920, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, start = * [2011/10/11 16:43:35.306061, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, start = * [2011/10/11 16:43:35.306107, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2011/10/11 16:43:35.306149, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? 
[2011/10/11 16:43:35.306191, 5] smbd/filename.c:609(unix_convert) Wildcard * [2011/10/11 16:43:35.306233, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, mask = * [2011/10/11 16:43:35.306281, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.306391, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, expect_close = 1 [2011/10/11 16:43:35.306435, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2011/10/11 16:43:35.306477, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:35.306527, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:35.306582, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/. [2011/10/11 16:43:35.306626, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.306669, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/. 
[2011/10/11 16:43:35.306711, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.306751, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.306806, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.306888, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.306939, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/. fname=. (.) [2011/10/11 16:43:35.306989, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:35.307031, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.307078, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:35.307129, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/.. [2011/10/11 16:43:35.307171, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.307213, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/.. 
[2011/10/11 16:43:35.307255, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.307295, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.307342, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.307405, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.307462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x40, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.307510, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/.. fname=.. (..) 
[2011/10/11 16:43:35.307556, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16288 [2011/10/11 16:43:35.307598, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.307653, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:35.307696, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:35.307739, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:35.307814, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 196, useable_space = 131010 [2011/10/11 16:43:35.307859, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 196, paramsize = 10, datasize = 196 [2011/10/11 16:43:35.307901, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.307926, 5] lib/util.c:341(show_msg) size=264 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62916 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 196 (0xC4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 196 (0xC4) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=209 [2011/10/11 16:43:35.308314, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 02 00 01 00 00 00 60 00 00 00 60 00 00 ........ .`...`.. [0010] 00 00 00 00 00 80 46 48 BA 60 BD CB 01 80 02 3F ......FH .`.....? [0020] F6 5B 87 CC 01 80 46 48 BA 60 BD CB 01 80 46 48 .[....FH .`....FH [0030] BA 60 BD CB 01 00 00 00 00 00 00 00 00 00 00 00 .`...... ........ [0040] 00 00 00 00 00 10 00 00 00 02 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. 
[0070] 00 00 00 00 00 80 46 48 BA 60 BD CB 01 80 02 3F ......FH .`.....? [0080] F6 5B 87 CC 01 80 46 48 BA 60 BD CB 01 80 46 48 .[....FH .`....FH [0090] BA 60 BD CB 01 00 00 00 00 00 00 00 00 00 00 00 .`...... ........ [00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ [00D0] 00 . [2011/10/11 16:43:35.308832, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=* directory=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts dirtype=22 numentries=2 [2011/10/11 16:43:35.308890, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2011/10/11 16:43:35.309114, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:35.309164, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:35.309206, 3] smbd/process.c:1661(process_smb) Transaction 7964 of length 45 (0 toread) [2011/10/11 16:43:35.309248, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.309273, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62980 smt_wct=3 smb_vwv[ 0]=18504 (0x4848) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:35.309557, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.309586, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.309633, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.309677, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 
3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.310126, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.310258, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.310304, 3] smbd/reply.c:4840(reply_close) close directory fnum=18504 [2011/10/11 16:43:35.310424, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.310481, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87d80 [2011/10/11 16:43:35.310543, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.310661, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.310714, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x73aa9b67 [2011/10/11 16:43:35.310760, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 
[2011/10/11 16:43:35.310815, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts = 0 [2011/10/11 16:43:35.310861, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.310909, 5] smbd/files.c:464(file_free) freed files structure 18504 (174 used) [2011/10/11 16:43:35.310953, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.310979, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62980 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:35.311191, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.311604, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 218 [2011/10/11 16:43:35.311655, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xda [2011/10/11 16:43:35.311698, 3] smbd/process.c:1661(process_smb) Transaction 7965 of length 222 (0 toread) [2011/10/11 16:43:35.311739, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.311764, 5] lib/util.c:341(show_msg) size=218 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=63044 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=33792 (0x8400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=135 [2011/10/11 16:43:35.312358, 10] 
../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 .I.n.t.e .r.n.e.t [0030] 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 . .E.x.p .l.o.r.e [0040] 00 72 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 .r.\.Q.u .i.c.k. [0050] 00 4C 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 .L.a.u.n .c.h.\.U [0060] 00 73 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E .s.e.r. .P.i.n.n [0070] 00 65 00 64 00 5C 00 54 00 61 00 73 00 6B 00 42 .e.d.\.T .a.s.k.B [0080] 00 61 00 72 00 00 00 .a.r... [2011/10/11 16:43:35.312678, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.312724, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.312768, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.313233, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 
16:43:35.313364, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.313435, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313483, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar" [2011/10/11 16:43:35.313530, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/TASKBAR] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar] [2011/10/11 16:43:35.313583, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313633, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313686, 5] smbd/files.c:126(file_new) allocated file structure 14409, fnum = 18505 (175 used) [2011/10/11 16:43:35.313733, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar hash 0x57ae7988 [2011/10/11 16:43:35.313780, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar) returning 0600 
[2011/10/11 16:43:35.313823, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, dos_attrs=0x0 access_mask=0x81 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 16:43:35.313870, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313915, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.313958, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314000, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.314041, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.314084, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, after mapping access_mask=0x81 [2011/10/11 16:43:35.314154, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.314204, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88720 [2011/10/11 16:43:35.314246, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:404090:0 [2011/10/11 16:43:35.314291, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.314352, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.314398, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88960 [2011/10/11 16:43:35.314441, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314485, 4] smbd/open.c:2228(open_file_ntcreate) 
calling open_file with flags=0x0 flags2=0x0 mode=0600, access_mask = 0x81, open_access_mask = 0x81 [2011/10/11 16:43:35.314537, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, flags = 00 mode = 0600, fd = 31. [2011/10/11 16:43:35.314583, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar = 0 [2011/10/11 16:43:35.314628, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314674, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.314726, 5] smbd/files.c:464(file_free) freed files structure 18505 (174 used) [2011/10/11 16:43:35.314770, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2011/10/11 16:43:35.314816, 10] smbd/posix_acls.c:3500(posix_get_nt_acl) posix_get_nt_acl: called for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314879, 10] smbd/posix_acls.c:2625(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2011/10/11 16:43:35.314920, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.314968, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2011/10/11 16:43:35.315770, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 2. 
Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2011/10/11 16:43:35.315879, 10] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.316520, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2011/10/11 16:43:35.316576, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.316618, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.316669, 10] smbd/open.c:122(smbd_check_open_rights) smbd_check_open_rights: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar requesting 0x81 returning 0x81 (NT_STATUS_OK) [2011/10/11 16:43:35.316749, 5] smbd/files.c:126(file_new) allocated file structure 14410, fnum = 18506 (175 used) [2011/10/11 16:43:35.316801, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar hash 0x57ae7988 [2011/10/11 16:43:35.316857, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, flags = 0200000 mode = 00, fd = 31. 
[2011/10/11 16:43:35.316915, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.316973, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b09dbeb0 [2011/10/11 16:43:35.317021, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 1 [2011/10/11 16:43:35.317092, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, file_id 803:404090:0, name_hash = 0x57ae7988 [2011/10/11 16:43:35.317140, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.317195, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:35.317238, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:35.317283, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.317328, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.317371, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.317450, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.317491, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.317539, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.317604, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, 
file_id 803:404090:0, name_hash = 0x57ae7988
[2011/10/11 16:43:35.317662, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18506, open name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar
[2011/10/11 16:43:35.318034, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 218
[2011/10/11 16:43:35.318086, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xda
[2011/10/11 16:43:35.318129, 3] smbd/process.c:1661(process_smb) Transaction 7966 of length 222 (0 toread)
[2011/10/11 16:43:35.318171, 5] lib/util.c:331(show_msg)
[2011/10/11 16:43:35.318196, 5] lib/util.c:341(show_msg)
  size=218 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=63108 smt_wct=15
  smb_vwv[ 0]= 150 (0x96)
  smb_vwv[ 1]= 0 (0x0)
  smb_vwv[ 2]= 10 (0xA)
  smb_vwv[ 3]=16384 (0x4000)
  smb_vwv[ 4]= 0 (0x0)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 0 (0x0)
  smb_vwv[ 7]= 0 (0x0)
  smb_vwv[ 8]= 0 (0x0)
  smb_vwv[ 9]= 150 (0x96)
  smb_vwv[10]= 68 (0x44)
  smb_vwv[11]= 0 (0x0)
  smb_vwv[12]= 0 (0x0)
  smb_vwv[13]= 1 (0x1)
  smb_vwv[14]= 1 (0x1)
  smb_bcc=153
[2011/10/11 16:43:35.318652, 10] ../lib/util/util.c:415(dump_data)
  [0000] 00 00 00 16 00 56 05 06  00 04 01 00 00 00 00 5C   .....V.. .......\
  [0010] 00 61 00 6E 00 64 00 6F  00 5C 00 4D 00 69 00 63   .a.n.d.o .\.M.i.c
  [0020] 00 72 00 6F 00 73 00 6F  00 66 00 74 00 5C 00 49   .r.o.s.o .f.t.\.I
  [0030] 00 6E 00 74 00 65 00 72  00 6E 00 65 00 74 00 20   .n.t.e.r .n.e.t. 
  [0040] 00 45 00 78 00 70 00 6C  00 6F 00 72 00 65 00 72   .E.x.p.l .o.r.e.r
  [0050] 00 5C 00 51 00 75 00 69  00 63 00 6B 00 20 00 4C   .\.Q.u.i .c.k. .L
  [0060] 00 61 00 75 00 6E 00 63  00 68 00 5C 00 55 00 73   .a.u.n.c .h.\.U.s
  [0070] 00 65 00 72 00 20 00 50  00 69 00 6E 00 6E 00 65   .e.r. .P .i.n.n.e
  [0080] 00 64 00 5C 00 54 00 61  00 73 00 6B 00 42 00 61   .d.\.T.a .s.k.B.a
  [0090] 00 72 00 5C 00 2A 00 00  00                        .r.\.*.. .
[2011/10/11 16:43:35.319030, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40
[2011/10/11 16:43:35.319079, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0
[2011/10/11 16:43:35.319124, 5] ../libcli/security/security_token.c:63(security_token_debug)
  Security token SIDs (13):
    SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699
    SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013
    SID[ 2]: S-1-22-2-0
    SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512
    SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007
    SID[ 5]: S-1-1-0
    SID[ 6]: S-1-5-2
    SID[ 7]: S-1-5-11
    SID[ 8]: S-1-5-32-544
    SID[ 9]: S-1-22-1-1002
    SID[ 10]: S-1-22-2-1002
    SID[ 11]: S-1-22-2-10001
    SID[ 12]: S-1-22-2-10003
  Privileges (0x FF0):
    Privilege[ 0]: SeMachineAccountPrivilege
    Privilege[ 1]: SeTakeOwnershipPrivilege
    Privilege[ 2]: SeBackupPrivilege
    Privilege[ 3]: SeRestorePrivilege
    Privilege[ 4]: SeRemoteShutdownPrivilege
    Privilege[ 5]: SePrintOperatorPrivilege
    Privilege[ 6]: SeAddUsersPrivilege
    Privilege[ 7]: SeDiskOperatorPrivilege
  Rights (0x 0):
[2011/10/11 16:43:35.319575, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 1002 and contains 4 supplementary groups
  Group[ 0]: 1002
  Group[ 1]: 0
  Group[ 2]: 10001
  Group[ 3]: 10003
[2011/10/11 16:43:35.319709, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002)
[2011/10/11 16:43:35.319761, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384
[2011/10/11 16:43:35.319814, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/*"
[2011/10/11 16:43:35.319861, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK
LAUNCH/USER PINNED/TASKBAR/*] [2011/10/11 16:43:35.319906, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/TASKBAR] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar] [2011/10/11 16:43:35.319955, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, start = * [2011/10/11 16:43:35.320006, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, start = * [2011/10/11 16:43:35.320050, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2011/10/11 16:43:35.320091, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? [2011/10/11 16:43:35.320133, 5] smbd/filename.c:609(unix_convert) Wildcard * [2011/10/11 16:43:35.320176, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, mask = * [2011/10/11 16:43:35.320223, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.320293, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, expect_close = 1 [2011/10/11 16:43:35.320337, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2011/10/11 16:43:35.320379, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:35.320428, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:35.320482, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/. [2011/10/11 16:43:35.320525, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.320568, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/. [2011/10/11 16:43:35.320610, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.320650, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.320702, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.320767, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, file_id 803:404090:0, name_hash = 0x57ae7988 [2011/10/11 16:43:35.320815, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/. fname=. (.) [2011/10/11 16:43:35.320865, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:35.320907, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.320953, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:35.321004, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/.. [2011/10/11 16:43:35.321045, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.321087, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/.. 
[2011/10/11 16:43:35.321128, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.321169, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.321216, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.321279, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.321335, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x40, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.321410, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/.. fname=.. (..) 
[2011/10/11 16:43:35.321457, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16288 [2011/10/11 16:43:35.321498, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.321600, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 56 [2011/10/11 16:43:35.321648, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk [2011/10/11 16:43:35.321691, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.321733, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk [2011/10/11 16:43:35.321775, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.321816, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.321862, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:54:23 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.321927, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xeb25, type= 0x3, gen_id = 890, uid = 0, flags = 0, file_id 803:404091:0, name_hash = 0x4f91c64 [2011/10/11 16:43:35.321975, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk fname=Windows Media Player.lnk (Windows Media Player.lnk) [2011/10/11 16:43:35.322022, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16188 [2011/10/11 16:43:35.322063, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO 
[2011/10/11 16:43:35.322109, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player.lnk -> 2CCE5E67 -> WCFK0H~3.LNK (cache=1) [2011/10/11 16:43:35.322164, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 76 [2011/10/11 16:43:35.322211, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:35.322253, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.322295, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:35.322337, 8] lib/util.c:1338(is_in_path) is_in_path: match succeeded [2011/10/11 16:43:35.322378, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning h [2011/10/11 16:43:35.322426, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:34 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.322491, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:35.322548, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:35.322597, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini fname=desktop.ini (desktop.ini) [2011/10/11 16:43:35.322643, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16044 
[2011/10/11 16:43:35.322685, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.322738, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 104 [2011/10/11 16:43:35.322805, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk [2011/10/11 16:43:35.322849, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.322891, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk [2011/10/11 16:43:35.322932, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.322973, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.323020, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.323084, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc125, type= 0x3, gen_id = 862, uid = 0, flags = 0, file_id 803:404093:0, name_hash = 0x9b9fa079 [2011/10/11 16:43:35.323132, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk fname=Server Manager.lnk (Server Manager.lnk) [2011/10/11 16:43:35.323180, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15928 [2011/10/11 16:43:35.323221, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.323265, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager.lnk -> 13344361 -> S5BTP4~1.LNK (cache=1) 
[2011/10/11 16:43:35.323320, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 136 [2011/10/11 16:43:35.323368, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk [2011/10/11 16:43:35.323411, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.323452, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk [2011/10/11 16:43:35.323495, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.323535, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.323582, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.323647, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2425, type= 0x3, gen_id = 928, uid = 0, flags = 0, file_id 803:40414d:0, name_hash = 0x9f67f8f5 [2011/10/11 16:43:35.323695, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk fname=Windows PowerShell.lnk (Windows PowerShell.lnk) [2011/10/11 16:43:35.323743, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15796 [2011/10/11 16:43:35.323784, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.323828, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell.lnk -> 00B4857B -> W071KL~7.LNK (cache=1) [2011/10/11 16:43:35.323883, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now 
at offset 172 [2011/10/11 16:43:35.323931, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk [2011/10/11 16:43:35.323974, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.324030, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk [2011/10/11 16:43:35.324073, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.324114, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.324161, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.324225, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd1a5, type= 0x3, gen_id = 873, uid = 0, flags = 0, file_id 803:40414e:0, name_hash = 0x5c441919 [2011/10/11 16:43:35.324273, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk fname=Windows Media Player (2).lnk (Windows Media Player (2).lnk) [2011/10/11 16:43:35.324321, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15656 [2011/10/11 16:43:35.324363, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.324407, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (2).lnk -> 7208CA8C -> WVN226~K.LNK (cache=1) [2011/10/11 16:43:35.324462, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 208 [2011/10/11 16:43:35.324509, 8] smbd/dosmode.c:621(dos_mode) 
dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk [2011/10/11 16:43:35.324552, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.324594, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk [2011/10/11 16:43:35.324636, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.324677, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.324724, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.324788, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe0a5, type= 0x3, gen_id = 883, uid = 0, flags = 0, file_id 803:40414f:0, name_hash = 0xcb4d0649 [2011/10/11 16:43:35.324836, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk fname=Windows Media Player (3).lnk (Windows Media Player (3).lnk) [2011/10/11 16:43:35.324884, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15504 [2011/10/11 16:43:35.324925, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.324969, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (3).lnk -> 7108C93B -> WVD2GJ~F.LNK (cache=1) [2011/10/11 16:43:35.325023, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 244 [2011/10/11 16:43:35.325071, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows 
Media Player (4).lnk [2011/10/11 16:43:35.325114, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.325156, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk [2011/10/11 16:43:35.325212, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.325252, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.325299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.325363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe225, type= 0x3, gen_id = 884, uid = 0, flags = 0, file_id 803:404150:0, name_hash = 0x1600bed3 [2011/10/11 16:43:35.325427, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk fname=Windows Media Player (4).lnk (Windows Media Player (4).lnk) [2011/10/11 16:43:35.325474, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15352 [2011/10/11 16:43:35.325515, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.325559, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (4).lnk -> 6C08C11A -> WTZ4G0~Q.LNK (cache=1) [2011/10/11 16:43:35.325613, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 280 [2011/10/11 16:43:35.325660, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk [2011/10/11 16:43:35.325704, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.325745, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk [2011/10/11 16:43:35.325787, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.325827, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.325874, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.325938, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe3a5, type= 0x3, gen_id = 885, uid = 0, flags = 0, file_id 803:404151:0, name_hash = 0xda477db6 [2011/10/11 16:43:35.325986, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk fname=Windows Media Player (5).lnk (Windows Media Player (5).lnk) [2011/10/11 16:43:35.326033, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15200 [2011/10/11 16:43:35.326074, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.326117, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (5).lnk -> 6B08BF89 -> WTP4UB~T.LNK (cache=1) [2011/10/11 16:43:35.326171, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 316 [2011/10/11 16:43:35.326219, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk [2011/10/11 16:43:35.326262, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 
16:43:35.326303, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk [2011/10/11 16:43:35.326345, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.326385, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.326432, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.326510, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe525, type= 0x3, gen_id = 886, uid = 0, flags = 0, file_id 803:404193:0, name_hash = 0xd6ad59 [2011/10/11 16:43:35.326558, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk fname=Windows Media Player (6).lnk (Windows Media Player (6).lnk) [2011/10/11 16:43:35.326606, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15048 [2011/10/11 16:43:35.326647, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.326690, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (6).lnk -> 6E08C470 -> WUJ3NG~0.LNK (cache=1) [2011/10/11 16:43:35.326744, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 352 [2011/10/11 16:43:35.326792, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk [2011/10/11 16:43:35.326835, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.326876, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk [2011/10/11 16:43:35.326919, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.326959, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.327006, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.327070, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe6a5, type= 0x3, gen_id = 887, uid = 0, flags = 0, file_id 803:404194:0, name_hash = 0xb20659e5 [2011/10/11 16:43:35.327118, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk fname=Windows Media Player (7).lnk (Windows Media Player (7).lnk) [2011/10/11 16:43:35.327165, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14896 [2011/10/11 16:43:35.327206, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.327250, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (7).lnk -> 6D08C2EF -> WU941R~J.LNK (cache=1) [2011/10/11 16:43:35.327304, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 388 [2011/10/11 16:43:35.327352, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk [2011/10/11 16:43:35.327395, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.327436, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk [2011/10/11 
16:43:35.327479, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.327519, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.327565, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.327629, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe825, type= 0x3, gen_id = 888, uid = 0, flags = 0, file_id 803:404195:0, name_hash = 0x637f42d4 [2011/10/11 16:43:35.327691, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk fname=Windows Media Player (8).lnk (Windows Media Player (8).lnk) [2011/10/11 16:43:35.327739, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14744 [2011/10/11 16:43:35.327780, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.327823, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (8).lnk -> 7808D43E -> WXAZOE~6.LNK (cache=1) [2011/10/11 16:43:35.327878, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 424 [2011/10/11 16:43:35.327925, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk [2011/10/11 16:43:35.327968, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.328010, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk [2011/10/11 16:43:35.328052, 8] lib/util.c:1343(is_in_path) is_in_path: match not found 
[2011/10/11 16:43:35.328093, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.328139, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.328203, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe9a5, type= 0x3, gen_id = 889, uid = 0, flags = 0, file_id 803:404196:0, name_hash = 0x870d6369 [2011/10/11 16:43:35.328251, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk fname=Windows Media Player (9).lnk (Windows Media Player (9).lnk) [2011/10/11 16:43:35.328298, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14592 [2011/10/11 16:43:35.328339, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.328383, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (9).lnk -> 7708D2AD -> WX102P~9.LNK (cache=1) [2011/10/11 16:43:35.328438, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 464 [2011/10/11 16:43:35.328485, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk [2011/10/11 16:43:35.328529, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.328570, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk [2011/10/11 16:43:35.328613, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.328653, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning 
[2011/10/11 16:43:35.328700, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.328765, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc2a5, type= 0x3, gen_id = 863, uid = 0, flags = 0, file_id 803:404198:0, name_hash = 0x11c1dbe2 [2011/10/11 16:43:35.328826, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk fname=Windows Media Player (10).lnk (Windows Media Player (10).lnk) [2011/10/11 16:43:35.328874, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14440 [2011/10/11 16:43:35.328916, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.328961, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (10).lnk -> 26CF797D -> WARO03~H.LNK (cache=1) [2011/10/11 16:43:35.329016, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 504 [2011/10/11 16:43:35.329063, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk [2011/10/11 16:43:35.329107, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.329149, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk [2011/10/11 16:43:35.329191, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.329232, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.329279, 10] locking/locking.c:666(parse_share_modes) 
parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.329343, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc425, type= 0x3, gen_id = 864, uid = 0, flags = 0, file_id 803:40423b:0, name_hash = 0x89c84cf5 [2011/10/11 16:43:35.329407, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk fname=Windows Media Player (11).lnk (Windows Media Player (11).lnk) [2011/10/11 16:43:35.329455, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14288 [2011/10/11 16:43:35.329496, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.329540, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (11).lnk -> 27CF7ACE -> WB1NLQ~M.LNK (cache=1) [2011/10/11 16:43:35.329595, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 544 [2011/10/11 16:43:35.329643, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk [2011/10/11 16:43:35.329686, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.329728, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk [2011/10/11 16:43:35.329770, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.329811, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.329858, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 
01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.329922, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc5a5, type= 0x3, gen_id = 865, uid = 0, flags = 0, file_id 803:7f4001:0, name_hash = 0x43e2f1ad [2011/10/11 16:43:35.329970, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk fname=Windows Media Player (12).lnk (Windows Media Player (12).lnk) [2011/10/11 16:43:35.330031, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14136 [2011/10/11 16:43:35.330073, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.330117, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (12).lnk -> 28CF7C53 -> WBBN7F~7.LNK (cache=1) [2011/10/11 16:43:35.330172, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 584 [2011/10/11 16:43:35.330219, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk [2011/10/11 16:43:35.330262, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.330304, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk [2011/10/11 16:43:35.330346, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.330387, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.330433, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.330497, 
10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc725, type= 0x3, gen_id = 866, uid = 0, flags = 0, file_id 803:40423c:0, name_hash = 0x5d7313b0 [2011/10/11 16:43:35.330545, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk fname=Windows Media Player (13).lnk (Windows Media Player (13).lnk) [2011/10/11 16:43:35.330593, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13984 [2011/10/11 16:43:35.330634, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.330678, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (13).lnk -> 29CF7E24 -> WBLMT5~W.LNK (cache=1) [2011/10/11 16:43:35.330732, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 624 [2011/10/11 16:43:35.330780, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk [2011/10/11 16:43:35.330823, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.330865, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk [2011/10/11 16:43:35.330907, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.330947, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.330994, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.331058, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: 
share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc8a5, type= 0x3, gen_id = 867, uid = 0, flags = 0, file_id 803:7f4002:0, name_hash = 0xdcc7e4e [2011/10/11 16:43:35.331106, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk fname=Windows Media Player (14).lnk (Windows Media Player (14).lnk) [2011/10/11 16:43:35.331167, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13832 [2011/10/11 16:43:35.331209, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.331355, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (14).lnk -> 22CF7321 -> W9NPLB~5.LNK (cache=1) [2011/10/11 16:43:35.331411, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 664 [2011/10/11 16:43:35.331460, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk [2011/10/11 16:43:35.331503, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.331545, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk [2011/10/11 16:43:35.331588, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.331629, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.331676, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.331741, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, 
access_mask = 0x20089, mid = 0xca25, type= 0x3, gen_id = 868, uid = 0, flags = 0, file_id 803:40423d:0, name_hash = 0x4d5a871 [2011/10/11 16:43:35.331789, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk fname=Windows Media Player (15).lnk (Windows Media Player (15).lnk) [2011/10/11 16:43:35.331837, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13680 [2011/10/11 16:43:35.331879, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.331922, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (15).lnk -> 23CF74B2 -> W9XP70~2.LNK (cache=1) [2011/10/11 16:43:35.331977, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 696 [2011/10/11 16:43:35.332025, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk [2011/10/11 16:43:35.332068, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.332109, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk [2011/10/11 16:43:35.332152, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.332192, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.332239, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.332303, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x98a5, type= 0x3, gen_id = 835, uid = 0, flags = 0, file_id 
803:7fc001:0, name_hash = 0xf9e368f6 [2011/10/11 16:43:35.332352, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk fname=Server Manager (2).lnk (Server Manager (2).lnk) [2011/10/11 16:43:35.332399, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13528 [2011/10/11 16:43:35.332440, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.332499, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (2).lnk -> 487FE49A -> SK46EU~2.LNK (cache=1) [2011/10/11 16:43:35.332554, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 732 [2011/10/11 16:43:35.332601, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk [2011/10/11 16:43:35.332644, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.332686, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk [2011/10/11 16:43:35.332728, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.332769, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.332816, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.332880, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfba5, type= 0x3, gen_id = 901, uid = 0, flags = 0, file_id 803:7fc002:0, name_hash = 0x27ba6a31 [2011/10/11 16:43:35.332928, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) 
smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk fname=Windows PowerShell (2).lnk (Windows PowerShell (2).lnk) [2011/10/11 16:43:35.332976, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13388 [2011/10/11 16:43:35.333017, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.333061, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (2).lnk -> 5F86C300 -> WQI6PZ~4.LNK (cache=1) [2011/10/11 16:43:35.333115, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 764 [2011/10/11 16:43:35.333163, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk [2011/10/11 16:43:35.333206, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.333247, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk [2011/10/11 16:43:35.333289, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.333330, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.333396, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.333462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa925, type= 0x3, gen_id = 846, uid = 0, flags = 0, file_id 803:404197:0, name_hash = 0x48d9fcc4 [2011/10/11 16:43:35.333510, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (3).lnk fname=Server Manager (3).lnk (Server Manager (3).lnk) [2011/10/11 16:43:35.333557, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13240 [2011/10/11 16:43:35.333599, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.333643, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (3).lnk -> 477FE309 -> SJU6T5~5.LNK (cache=1) [2011/10/11 16:43:35.333697, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 800 [2011/10/11 16:43:35.333759, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk [2011/10/11 16:43:35.333802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.333843, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk [2011/10/11 16:43:35.333886, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.333927, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.333974, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.334038, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc25, type= 0x3, gen_id = 912, uid = 0, flags = 0, file_id 803:40423f:0, name_hash = 0xb96b9eb8 [2011/10/11 16:43:35.334086, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk fname=Windows PowerShell (3).lnk (Windows PowerShell (3).lnk) 
[2011/10/11 16:43:35.334133, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13100 [2011/10/11 16:43:35.334174, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.334218, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (3).lnk -> 5E86C1BF -> WQ874C~F.LNK (cache=1) [2011/10/11 16:43:35.334272, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 832 [2011/10/11 16:43:35.334320, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk [2011/10/11 16:43:35.334362, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.334404, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk [2011/10/11 16:43:35.334446, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.334486, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.334533, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.334598, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb825, type= 0x3, gen_id = 856, uid = 0, flags = 0, file_id 803:404240:0, name_hash = 0x15b5ae60 [2011/10/11 16:43:35.334646, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk fname=Server Manager (4).lnk (Server Manager (4).lnk) [2011/10/11 16:43:35.334693, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
space_remaining = 12952 [2011/10/11 16:43:35.334734, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.334778, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (4).lnk -> 4E7FEE0C -> SLS40Z~W.LNK (cache=1) [2011/10/11 16:43:35.334832, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 868 [2011/10/11 16:43:35.334880, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk [2011/10/11 16:43:35.334938, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.334981, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk [2011/10/11 16:43:35.335023, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.335063, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.335110, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.335174, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1b25, type= 0x3, gen_id = 922, uid = 0, flags = 0, file_id 803:404241:0, name_hash = 0x84281113 [2011/10/11 16:43:35.335223, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk fname=Windows PowerShell (4).lnk (Windows PowerShell (4).lnk) [2011/10/11 16:43:35.335270, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12812 [2011/10/11 16:43:35.335311, 10] 
smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.335354, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (4).lnk -> 6186C666 -> WR25XE~U.LNK (cache=1) [2011/10/11 16:43:35.335408, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 900 [2011/10/11 16:43:35.335456, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk [2011/10/11 16:43:35.335498, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.335540, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk [2011/10/11 16:43:35.335582, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.335623, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.335669, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.335734, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb9a5, type= 0x3, gen_id = 857, uid = 0, flags = 0, file_id 803:7fc003:0, name_hash = 0x9cca7c91 [2011/10/11 16:43:35.335781, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk fname=Server Manager (5).lnk (Server Manager (5).lnk) [2011/10/11 16:43:35.335905, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12664 [2011/10/11 16:43:35.335946, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 
16:43:35.335991, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (5).lnk -> 4D7FECBB -> SLI4FC~R.LNK (cache=1) [2011/10/11 16:43:35.336046, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 936 [2011/10/11 16:43:35.336093, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk [2011/10/11 16:43:35.336136, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.336177, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk [2011/10/11 16:43:35.336234, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.336276, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.336323, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.336387, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1ca5, type= 0x3, gen_id = 923, uid = 0, flags = 0, file_id 803:7fc004:0, name_hash = 0x7826fa75 [2011/10/11 16:43:35.336436, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk fname=Windows PowerShell (5).lnk (Windows PowerShell (5).lnk) [2011/10/11 16:43:35.336483, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12524 [2011/10/11 16:43:35.336524, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.336567, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows 
PowerShell (5).lnk -> 6086C495 -> WQS6BO~5.LNK (cache=1) [2011/10/11 16:43:35.336622, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 968 [2011/10/11 16:43:35.336669, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk [2011/10/11 16:43:35.336712, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.336753, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk [2011/10/11 16:43:35.336795, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.336836, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.336883, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.336946, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbb25, type= 0x3, gen_id = 858, uid = 0, flags = 0, file_id 803:404242:0, name_hash = 0x2402eac4 [2011/10/11 16:43:35.336994, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk fname=Server Manager (6).lnk (Server Manager (6).lnk) [2011/10/11 16:43:35.337042, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12376 [2011/10/11 16:43:35.337083, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.337127, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (6).lnk -> 4C7FEAD6 -> SL84TL~I.LNK (cache=1) [2011/10/11 16:43:35.337182, 6] 
smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1004 [2011/10/11 16:43:35.337229, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk [2011/10/11 16:43:35.337272, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.337313, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk [2011/10/11 16:43:35.337356, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.337414, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.337461, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.337540, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1e25, type= 0x3, gen_id = 924, uid = 0, flags = 0, file_id 803:7fc005:0, name_hash = 0x8091b7af [2011/10/11 16:43:35.337588, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk fname=Windows PowerShell (6).lnk (Windows PowerShell (6).lnk) [2011/10/11 16:43:35.337635, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12236 [2011/10/11 16:43:35.337676, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.337721, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (6).lnk -> 6386C95C -> WRM54R~G.LNK (cache=1) [2011/10/11 16:43:35.337775, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at 
offset 1044 [2011/10/11 16:43:35.337823, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk [2011/10/11 16:43:35.337866, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.337908, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk [2011/10/11 16:43:35.337950, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.337990, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.338037, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.338101, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcba5, type= 0x3, gen_id = 869, uid = 0, flags = 0, file_id 803:7fc006:0, name_hash = 0x102d4b9f [2011/10/11 16:43:35.338149, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk fname=Windows Media Player (16).lnk (Windows Media Player (16).lnk) [2011/10/11 16:43:35.338196, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12088 [2011/10/11 16:43:35.338238, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.338282, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (16).lnk -> 24CF7607 -> WA7OSN~B.LNK (cache=1) [2011/10/11 16:43:35.338336, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1084 [2011/10/11 16:43:35.338384, 8] smbd/dosmode.c:621(dos_mode) 
dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk [2011/10/11 16:43:35.338427, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.338468, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk [2011/10/11 16:43:35.338511, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.338551, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.338598, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.338676, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcd25, type= 0x3, gen_id = 870, uid = 0, flags = 0, file_id 803:7fc007:0, name_hash = 0xf6dae [2011/10/11 16:43:35.338725, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk fname=Windows Media Player (17).lnk (Windows Media Player (17).lnk) [2011/10/11 16:43:35.338772, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11936 [2011/10/11 16:43:35.338814, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.338858, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (17).lnk -> 25CF77E8 -> WAHOEE~G.LNK (cache=1) [2011/10/11 16:43:35.338912, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1124 [2011/10/11 16:43:35.338959, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Windows Media Player (18).lnk [2011/10/11 16:43:35.339002, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.339044, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk [2011/10/11 16:43:35.339086, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.339127, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.339174, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.339238, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcea5, type= 0x3, gen_id = 871, uid = 0, flags = 0, file_id 803:7fc008:0, name_hash = 0x866cf060 [2011/10/11 16:43:35.339285, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk fname=Windows Media Player (18).lnk (Windows Media Player (18).lnk) [2011/10/11 16:43:35.339332, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11784 [2011/10/11 16:43:35.339374, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.339418, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (18).lnk -> 1ECF6C95 -> W8JR6H~H.LNK (cache=1) [2011/10/11 16:43:35.339472, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1156 [2011/10/11 16:43:35.339519, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk [2011/10/11 16:43:35.339562, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.339603, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk [2011/10/11 16:43:35.339646, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.339686, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.339733, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.339796, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbca5, type= 0x3, gen_id = 859, uid = 0, flags = 0, file_id 803:7fc009:0, name_hash = 0xff899459 [2011/10/11 16:43:35.339858, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk fname=Server Manager (7).lnk (Server Manager (7).lnk) [2011/10/11 16:43:35.339906, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11632 [2011/10/11 16:43:35.339947, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.339991, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (7).lnk -> 4B7FE945 -> SKY57W~L.LNK (cache=1) [2011/10/11 16:43:35.340045, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1192 [2011/10/11 16:43:35.340092, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk [2011/10/11 16:43:35.340136, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.340177, 8] 
lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk [2011/10/11 16:43:35.340220, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.340260, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.340386, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.340451, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1fa5, type= 0x3, gen_id = 925, uid = 0, flags = 0, file_id 803:7fc00a:0, name_hash = 0x3f262b16 [2011/10/11 16:43:35.340500, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk fname=Windows PowerShell (7).lnk (Windows PowerShell (7).lnk) [2011/10/11 16:43:35.340548, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11492 [2011/10/11 16:43:35.340589, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.340633, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (7).lnk -> 6286C7CB -> WRC5J2~J.LNK (cache=1) [2011/10/11 16:43:35.340688, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1224 [2011/10/11 16:43:35.340736, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk [2011/10/11 16:43:35.340778, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.340820, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (8).lnk [2011/10/11 16:43:35.340862, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.340903, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.340950, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.341014, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbe25, type= 0x3, gen_id = 860, uid = 0, flags = 0, file_id 803:7fc00b:0, name_hash = 0x5de48b12 [2011/10/11 16:43:35.341061, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk fname=Server Manager (8).lnk (Server Manager (8).lnk) [2011/10/11 16:43:35.341123, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11344 [2011/10/11 16:43:35.341165, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.341209, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (8).lnk -> 527FF458 -> SMW2FR~S.LNK (cache=1) [2011/10/11 16:43:35.341264, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1260 [2011/10/11 16:43:35.341311, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk [2011/10/11 16:43:35.341355, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.341412, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk [2011/10/11 16:43:35.341455, 8] lib/util.c:1343(is_in_path) is_in_path: 
match not found [2011/10/11 16:43:35.341496, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.341543, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.341607, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2125, type= 0x3, gen_id = 926, uid = 0, flags = 0, file_id 803:7fc00c:0, name_hash = 0x98a24f7d [2011/10/11 16:43:35.341656, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk fname=Windows PowerShell (8).lnk (Windows PowerShell (8).lnk) [2011/10/11 16:43:35.341703, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11204 [2011/10/11 16:43:35.341744, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.341788, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (8).lnk -> 6586CCB2 -> WS64C6~Q.LNK (cache=1) [2011/10/11 16:43:35.341843, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1292 [2011/10/11 16:43:35.341890, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk [2011/10/11 16:43:35.341933, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.341975, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk [2011/10/11 16:43:35.342017, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.342058, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning 
[2011/10/11 16:43:35.342105, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.342223, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbfa5, type= 0x3, gen_id = 861, uid = 0, flags = 0, file_id 803:404243:0, name_hash = 0xa4a66cc6 [2011/10/11 16:43:35.342272, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk fname=Server Manager (9).lnk (Server Manager (9).lnk) [2011/10/11 16:43:35.342320, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11056 [2011/10/11 16:43:35.342375, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.342420, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (9).lnk -> 517FF2F7 -> SMM2U4~7.LNK (cache=1) [2011/10/11 16:43:35.342475, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1328 [2011/10/11 16:43:35.342522, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk [2011/10/11 16:43:35.342566, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.342607, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk [2011/10/11 16:43:35.342649, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.342690, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.342736, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 
07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.342800, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x22a5, type= 0x3, gen_id = 927, uid = 0, flags = 0, file_id 803:404244:0, name_hash = 0x7d36e96 [2011/10/11 16:43:35.342848, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk fname=Windows PowerShell (9).lnk (Windows PowerShell (9).lnk) [2011/10/11 16:43:35.342896, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10916 [2011/10/11 16:43:35.342937, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.342980, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (9).lnk -> 6486CB21 -> WRW4QH~T.LNK (cache=1) [2011/10/11 16:43:35.343035, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1360 [2011/10/11 16:43:35.343083, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk [2011/10/11 16:43:35.343125, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.343167, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk [2011/10/11 16:43:35.343209, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.343249, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.343296, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 
16:43:35.343360, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x89a5, type= 0x3, gen_id = 825, uid = 0, flags = 0, file_id 803:404245:0, name_hash = 0x7b08bb42 [2011/10/11 16:43:35.343407, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk fname=Server Manager (10).lnk (Server Manager (10).lnk) [2011/10/11 16:43:35.343455, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10768 [2011/10/11 16:43:35.343496, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.343540, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (10).lnk -> 2A57CBEB -> SBQY9R~F.LNK (cache=1) [2011/10/11 16:43:35.343608, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1396 [2011/10/11 16:43:35.343656, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk [2011/10/11 16:43:35.343700, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.343741, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk [2011/10/11 16:43:35.343783, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.343824, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.343871, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.343935, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: 
pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xeca5, type= 0x3, gen_id = 891, uid = 0, flags = 0, file_id 803:404246:0, name_hash = 0xda94ec4b [2011/10/11 16:43:35.343983, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk fname=Windows PowerShell (10).lnk (Windows PowerShell (10).lnk) [2011/10/11 16:43:35.344031, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10628 [2011/10/11 16:43:35.344126, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.344170, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (10).lnk -> 681D7EE9 -> WSVZ7C~9.LNK (cache=1) [2011/10/11 16:43:35.344225, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1428 [2011/10/11 16:43:35.344273, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk [2011/10/11 16:43:35.344316, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.344358, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk [2011/10/11 16:43:35.344400, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.344440, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.344487, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.344551, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8b25, 
type= 0x3, gen_id = 826, uid = 0, flags = 0, file_id 803:404247:0, name_hash = 0x5ac4287d [2011/10/11 16:43:35.344598, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk fname=Server Manager (11).lnk (Server Manager (11).lnk) [2011/10/11 16:43:35.344646, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10480 [2011/10/11 16:43:35.344687, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.344731, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (11).lnk -> 2B57CD7C -> SC0XVG~C.LNK (cache=1) [2011/10/11 16:43:35.344785, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1464 [2011/10/11 16:43:35.344832, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk [2011/10/11 16:43:35.344890, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.344932, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk [2011/10/11 16:43:35.344974, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.345014, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.345061, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.345125, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xee25, type= 0x3, gen_id = 892, uid = 0, flags = 0, file_id 803:404248:0, name_hash = 0x3d226c78 [2011/10/11 
16:43:35.345173, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk fname=Windows PowerShell (11).lnk (Windows PowerShell (11).lnk) [2011/10/11 16:43:35.345220, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10340 [2011/10/11 16:43:35.345261, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.345305, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (11).lnk -> 691D807A -> WT5YT1~6.LNK (cache=1) [2011/10/11 16:43:35.345359, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1496 [2011/10/11 16:43:35.345423, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk [2011/10/11 16:43:35.345466, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.345507, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk [2011/10/11 16:43:35.345550, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.345590, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.345637, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.345701, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8ca5, type= 0x3, gen_id = 827, uid = 0, flags = 0, file_id 803:7fc00d:0, name_hash = 0x88feaa0a [2011/10/11 16:43:35.345749, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk fname=Server Manager (12).lnk (Server Manager (12).lnk) [2011/10/11 16:43:35.345796, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10192 [2011/10/11 16:43:35.345837, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.345881, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (12).lnk -> 2857C8B5 -> SB6Z2D~1.LNK (cache=1) [2011/10/11 16:43:35.345936, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1532 [2011/10/11 16:43:35.345983, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk [2011/10/11 16:43:35.346027, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.346082, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk [2011/10/11 16:43:35.346126, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.346166, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.346213, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.346277, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xefa5, type= 0x3, gen_id = 893, uid = 0, flags = 0, file_id 803:7fc00e:0, name_hash = 0x40bbbb11 [2011/10/11 16:43:35.346325, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk 
fname=Windows PowerShell (12).lnk (Windows PowerShell (12).lnk) [2011/10/11 16:43:35.346372, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10052 [2011/10/11 16:43:35.346413, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.346457, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (12).lnk -> 6A1D81CF -> WTFYEO~F.LNK (cache=1) [2011/10/11 16:43:35.346512, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1564 [2011/10/11 16:43:35.346560, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk [2011/10/11 16:43:35.346602, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.346644, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk [2011/10/11 16:43:35.346686, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.346727, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.346774, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.346837, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8e25, type= 0x3, gen_id = 828, uid = 0, flags = 0, file_id 803:404249:0, name_hash = 0x4aff2134 [2011/10/11 16:43:35.346885, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk fname=Server Manager (13).lnk (Server Manager (13).lnk) [2011/10/11 16:43:35.346932, 10] 
smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9904 [2011/10/11 16:43:35.346973, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.347017, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (13).lnk -> 2957CA06 -> SBGYO0~6.LNK (cache=1) [2011/10/11 16:43:35.347071, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1600 [2011/10/11 16:43:35.347119, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk [2011/10/11 16:43:35.347162, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.347203, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk [2011/10/11 16:43:35.347246, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.347300, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.347347, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.347412, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf125, type= 0x3, gen_id = 894, uid = 0, flags = 0, file_id 803:40424a:0, name_hash = 0xfff71e78 [2011/10/11 16:43:35.347460, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk fname=Windows PowerShell (13).lnk (Windows PowerShell (13).lnk) [2011/10/11 16:43:35.347507, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9764 
[2011/10/11 16:43:35.347548, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.347592, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (13).lnk -> 6B1D8350 -> WTPY0C~W.LNK (cache=1) [2011/10/11 16:43:35.347646, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1632 [2011/10/11 16:43:35.347693, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk [2011/10/11 16:43:35.347736, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.347777, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk [2011/10/11 16:43:35.347819, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.347859, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.347906, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.347970, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8fa5, type= 0x3, gen_id = 829, uid = 0, flags = 0, file_id 803:7fc00f:0, name_hash = 0xbb927cc3 [2011/10/11 16:43:35.348018, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk fname=Server Manager (14).lnk (Server Manager (14).lnk) [2011/10/11 16:43:35.348065, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9616 [2011/10/11 16:43:35.348106, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.348150, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (14).lnk -> 2657C55F -> SAMZUX~R.LNK (cache=1) [2011/10/11 16:43:35.348204, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1668 [2011/10/11 16:43:35.348252, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk [2011/10/11 16:43:35.348294, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.348336, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk [2011/10/11 16:43:35.348378, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.348418, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.348466, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.348543, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf2a5, type= 0x3, gen_id = 895, uid = 0, flags = 0, file_id 803:7fc010:0, name_hash = 0xf676605e [2011/10/11 16:43:35.348592, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk fname=Windows PowerShell (14).lnk (Windows PowerShell (14).lnk) [2011/10/11 16:43:35.348639, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9476 [2011/10/11 16:43:35.348680, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.348724, 10] 
smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (14).lnk -> 6C1D8525 -> WTZXM3~P.LNK (cache=1) [2011/10/11 16:43:35.348779, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1700 [2011/10/11 16:43:35.348826, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk [2011/10/11 16:43:35.348869, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.348910, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk [2011/10/11 16:43:35.349010, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.349051, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.349098, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.349162, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9125, type= 0x3, gen_id = 830, uid = 0, flags = 0, file_id 803:40424b:0, name_hash = 0xeb5bb8c7 [2011/10/11 16:43:35.349210, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk fname=Server Manager (15).lnk (Server Manager (15).lnk) [2011/10/11 16:43:35.349258, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9328 [2011/10/11 16:43:35.349299, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.349343, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (15).lnk -> 2757C720 -> 
SAWZGO~0.LNK (cache=1) [2011/10/11 16:43:35.349413, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1736 [2011/10/11 16:43:35.349461, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk [2011/10/11 16:43:35.349504, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.349545, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk [2011/10/11 16:43:35.349588, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.349628, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.349676, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.349739, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf425, type= 0x3, gen_id = 896, uid = 0, flags = 0, file_id 803:40424c:0, name_hash = 0xaf6c0ea7 [2011/10/11 16:43:35.349802, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk fname=Windows PowerShell (15).lnk (Windows PowerShell (15).lnk) [2011/10/11 16:43:35.349850, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9188 [2011/10/11 16:43:35.349891, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.349934, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (15).lnk -> 6D1D86B6 -> WU9X7S~M.LNK (cache=1) [2011/10/11 16:43:35.349988, 6] 
smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1768 [2011/10/11 16:43:35.350035, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk [2011/10/11 16:43:35.350078, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.350119, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk [2011/10/11 16:43:35.350162, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.350202, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.350249, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.350312, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x92a5, type= 0x3, gen_id = 831, uid = 0, flags = 0, file_id 803:7fc011:0, name_hash = 0xfb0d3fd3 [2011/10/11 16:43:35.350360, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk fname=Server Manager (16).lnk (Server Manager (16).lnk) [2011/10/11 16:43:35.350407, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9040 [2011/10/11 16:43:35.350448, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.350491, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (16).lnk -> 2457C279 -> SA30NL~L.LNK (cache=1) [2011/10/11 16:43:35.350545, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1804 [2011/10/11 
16:43:35.350592, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk [2011/10/11 16:43:35.350635, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.350677, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk [2011/10/11 16:43:35.350719, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.350759, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.350806, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.350870, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf5a5, type= 0x3, gen_id = 897, uid = 0, flags = 0, file_id 803:7fc012:0, name_hash = 0x52027246 [2011/10/11 16:43:35.350918, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk fname=Windows PowerShell (16).lnk (Windows PowerShell (16).lnk) [2011/10/11 16:43:35.350979, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8900 [2011/10/11 16:43:35.351020, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.351064, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (16).lnk -> 6E1D881B -> WUJWTG~B.LNK (cache=1) [2011/10/11 16:43:35.351118, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1836 [2011/10/11 16:43:35.351166, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk [2011/10/11 16:43:35.351209, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.351250, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk [2011/10/11 16:43:35.351293, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.351333, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.351381, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.351444, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9425, type= 0x3, gen_id = 832, uid = 0, flags = 0, file_id 803:40424d:0, name_hash = 0x4bbc30a0 [2011/10/11 16:43:35.351492, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk fname=Server Manager (17).lnk (Server Manager (17).lnk) [2011/10/11 16:43:35.351539, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8752 [2011/10/11 16:43:35.351581, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.351624, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (17).lnk -> 2557C3CA -> SAD098~Q.LNK (cache=1) [2011/10/11 16:43:35.351679, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1872 [2011/10/11 16:43:35.351726, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk [2011/10/11 16:43:35.351769, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.351811, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk [2011/10/11 16:43:35.351853, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.351893, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.351940, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.352004, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf725, type= 0x3, gen_id = 898, uid = 0, flags = 0, file_id 803:40424e:0, name_hash = 0xfe77b478 [2011/10/11 16:43:35.352052, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk fname=Windows PowerShell (17).lnk (Windows PowerShell (17).lnk) [2011/10/11 16:43:35.352100, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8612 [2011/10/11 16:43:35.352155, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.352199, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (17).lnk -> 6F1D89EC -> WUTWF7~0.LNK (cache=1) [2011/10/11 16:43:35.352252, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1912 [2011/10/11 16:43:35.352300, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk [2011/10/11 16:43:35.352343, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 
16:43:35.352384, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk [2011/10/11 16:43:35.352426, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.352466, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.352513, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.352576, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd025, type= 0x3, gen_id = 872, uid = 0, flags = 0, file_id 803:404073:0, name_hash = 0x4957277 [2011/10/11 16:43:35.352624, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk fname=Windows Media Player (19).lnk (Windows Media Player (19).lnk) [2011/10/11 16:43:35.352672, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8464 [2011/10/11 16:43:35.352713, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.352756, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (19).lnk -> 1FCF6E66 -> W8TQS8~6.LNK (cache=1) [2011/10/11 16:43:35.352811, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1952 [2011/10/11 16:43:35.352858, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk [2011/10/11 16:43:35.352901, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.352942, 8] lib/util.c:1319(is_in_path) is_in_path: 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk [2011/10/11 16:43:35.352985, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.353025, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.353071, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.353135, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd325, type= 0x3, gen_id = 874, uid = 0, flags = 0, file_id 803:40430b:0, name_hash = 0xa7d1828b [2011/10/11 16:43:35.353183, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk fname=Windows Media Player (20).lnk (Windows Media Player (20).lnk) [2011/10/11 16:43:35.353231, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8312 [2011/10/11 16:43:35.353273, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.353330, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (20).lnk -> 18D6E8A6 -> W6W44O~6.LNK (cache=1) [2011/10/11 16:43:35.353401, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1992 [2011/10/11 16:43:35.353450, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk [2011/10/11 16:43:35.353494, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.353535, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows 
Media Player (21).lnk [2011/10/11 16:43:35.353578, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.353619, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.353666, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.353730, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd4a5, type= 0x3, gen_id = 875, uid = 0, flags = 0, file_id 803:17ec026:0, name_hash = 0xea1f4d07 [2011/10/11 16:43:35.353778, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk fname=Windows Media Player (21).lnk (Windows Media Player (21).lnk) [2011/10/11 16:43:35.353826, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8160 [2011/10/11 16:43:35.353927, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.353972, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (21).lnk -> 17D6E6D5 -> W6M4IX~H.LNK (cache=1) [2011/10/11 16:43:35.354027, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2032 [2011/10/11 16:43:35.354075, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk [2011/10/11 16:43:35.354119, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.354161, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk [2011/10/11 16:43:35.354204, 8] 
lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.354244, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.354292, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.354356, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd625, type= 0x3, gen_id = 876, uid = 0, flags = 0, file_id 803:17ec027:0, name_hash = 0xae558725 [2011/10/11 16:43:35.354405, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk fname=Windows Media Player (22).lnk (Windows Media Player (22).lnk) [2011/10/11 16:43:35.354452, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8008 [2011/10/11 16:43:35.354494, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.354538, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (22).lnk -> 1AD6EB9C -> W7G3C0~S.LNK (cache=1) [2011/10/11 16:43:35.354607, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2072 [2011/10/11 16:43:35.354656, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk [2011/10/11 16:43:35.354699, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.354741, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk [2011/10/11 16:43:35.354784, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 
16:43:35.354825, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.354872, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.354936, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd7a5, type= 0x3, gen_id = 877, uid = 0, flags = 0, file_id 803:17ec028:0, name_hash = 0xbb846bdc [2011/10/11 16:43:35.354984, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk fname=Windows Media Player (23).lnk (Windows Media Player (23).lnk) [2011/10/11 16:43:35.355032, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7856 [2011/10/11 16:43:35.355073, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.355117, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (23).lnk -> 19D6EA0B -> W763QB~V.LNK (cache=1) [2011/10/11 16:43:35.355172, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2112 [2011/10/11 16:43:35.355220, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk [2011/10/11 16:43:35.355263, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.355305, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk [2011/10/11 16:43:35.355348, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.355388, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning 
[2011/10/11 16:43:35.355435, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.355499, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd925, type= 0x3, gen_id = 878, uid = 0, flags = 0, file_id 803:17ec029:0, name_hash = 0xe422ada2 [2011/10/11 16:43:35.355551, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk fname=Windows Media Player (24).lnk (Windows Media Player (24).lnk) [2011/10/11 16:43:35.355599, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7704 [2011/10/11 16:43:35.355640, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.355684, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (24).lnk -> 14D6E26A -> W5S5PW~Q.LNK (cache=1) [2011/10/11 16:43:35.355739, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2152 [2011/10/11 16:43:35.355801, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk [2011/10/11 16:43:35.355845, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.355886, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk [2011/10/11 16:43:35.355928, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.355969, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.356015, 10] locking/locking.c:666(parse_share_modes) 
parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.356079, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdaa5, type= 0x3, gen_id = 879, uid = 0, flags = 0, file_id 803:17ec02a:0, name_hash = 0xaa6b67be [2011/10/11 16:43:35.356126, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk fname=Windows Media Player (25).lnk (Windows Media Player (25).lnk) [2011/10/11 16:43:35.356174, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7552 [2011/10/11 16:43:35.356215, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.356258, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (25).lnk -> 13D6E099 -> W5I646~1.LNK (cache=1) [2011/10/11 16:43:35.356312, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2192 [2011/10/11 16:43:35.356360, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk [2011/10/11 16:43:35.356403, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.356444, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk [2011/10/11 16:43:35.356486, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.356527, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.356574, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 
01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.356637, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdc25, type= 0x3, gen_id = 880, uid = 0, flags = 0, file_id 803:40430d:0, name_hash = 0x67fd7be7 [2011/10/11 16:43:35.356684, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk fname=Windows Media Player (26).lnk (Windows Media Player (26).lnk) [2011/10/11 16:43:35.356731, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7400 [2011/10/11 16:43:35.356773, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.356816, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (26).lnk -> 16D6E540 -> W6C4X8~G.LNK (cache=1) [2011/10/11 16:43:35.356870, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2232 [2011/10/11 16:43:35.356918, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk [2011/10/11 16:43:35.357016, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.357073, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk [2011/10/11 16:43:35.357116, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.357156, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.357204, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.357267, 
10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdda5, type= 0x3, gen_id = 881, uid = 0, flags = 0, file_id 803:40430e:0, name_hash = 0xc32ea297 [2011/10/11 16:43:35.357316, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk fname=Windows Media Player (27).lnk (Windows Media Player (27).lnk) [2011/10/11 16:43:35.357364, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7248 [2011/10/11 16:43:35.357465, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.357511, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (27).lnk -> 15D6E3FF -> W625BL~R.LNK (cache=1) [2011/10/11 16:43:35.357567, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2272 [2011/10/11 16:43:35.357615, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk [2011/10/11 16:43:35.357658, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.357700, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk [2011/10/11 16:43:35.357742, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.357783, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.357830, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.357894, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: 
share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdf25, type= 0x3, gen_id = 882, uid = 0, flags = 0, file_id 803:40430f:0, name_hash = 0x70108ac4 [2011/10/11 16:43:35.357942, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk fname=Windows Media Player (28).lnk (Windows Media Player (28).lnk) [2011/10/11 16:43:35.357989, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7096 [2011/10/11 16:43:35.358031, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.358075, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (28).lnk -> 20D6F50E -> W940Y6~M.LNK (cache=1) [2011/10/11 16:43:35.358129, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2304 [2011/10/11 16:43:35.358177, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk [2011/10/11 16:43:35.358220, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.358262, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk [2011/10/11 16:43:35.358319, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.358360, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.358407, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.358471, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x95a5, type= 0x3, gen_id = 833, uid = 0, flags = 0, file_id 803:404310:0, name_hash = 0xff53a764 [2011/10/11 16:43:35.358519, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk fname=Server Manager (18).lnk (Server Manager (18).lnk) [2011/10/11 16:43:35.358566, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6944 [2011/10/11 16:43:35.358607, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.358650, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (18).lnk -> 3257D873 -> SDYV3A~R.LNK (cache=1) [2011/10/11 16:43:35.358705, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2340 [2011/10/11 16:43:35.358752, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk [2011/10/11 16:43:35.358795, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.358837, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk [2011/10/11 16:43:35.358879, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.358979, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.359028, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.359092, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf8a5, type= 0x3, gen_id = 899, uid = 0, flags = 0, file_id 803:404311:0, name_hash = 
0xba365da5 [2011/10/11 16:43:35.359140, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk fname=Windows PowerShell (18).lnk (Windows PowerShell (18).lnk) [2011/10/11 16:43:35.359187, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6804 [2011/10/11 16:43:35.359229, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.359272, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (18).lnk -> 701D8B71 -> WV3W0V~L.LNK (cache=1) [2011/10/11 16:43:35.359326, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2372 [2011/10/11 16:43:35.359374, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk [2011/10/11 16:43:35.359417, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.359458, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk [2011/10/11 16:43:35.359500, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.359540, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.359601, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.359666, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9725, type= 0x3, gen_id = 834, uid = 0, flags = 0, file_id 803:404312:0, name_hash = 0x2db8bfcd [2011/10/11 16:43:35.359713, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) 
smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk fname=Server Manager (19).lnk (Server Manager (19).lnk) [2011/10/11 16:43:35.359761, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6656 [2011/10/11 16:43:35.359802, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.359846, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (19).lnk -> 3357D9C4 -> SE8UOX~W.LNK (cache=1) [2011/10/11 16:43:35.359899, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2408 [2011/10/11 16:43:35.359947, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk [2011/10/11 16:43:35.359990, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.360031, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk [2011/10/11 16:43:35.360073, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.360113, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.360160, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.360224, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfa25, type= 0x3, gen_id = 900, uid = 0, flags = 0, file_id 803:404313:0, name_hash = 0xd0f2ea00 [2011/10/11 16:43:35.360272, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Windows PowerShell (19).lnk fname=Windows PowerShell (19).lnk (Windows PowerShell (19).lnk) [2011/10/11 16:43:35.360319, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6516 [2011/10/11 16:43:35.360360, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.360403, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (19).lnk -> 711D8CC2 -> WVDVMI~Q.LNK (cache=1) [2011/10/11 16:43:35.360457, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2440 [2011/10/11 16:43:35.360505, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk [2011/10/11 16:43:35.360547, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.360589, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk [2011/10/11 16:43:35.360631, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.360672, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.360718, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.360782, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9a25, type= 0x3, gen_id = 836, uid = 0, flags = 0, file_id 803:404314:0, name_hash = 0xf5cdc8bb [2011/10/11 16:43:35.360850, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk fname=Server Manager (20).lnk (Server Manager (20).lnk) 
[2011/10/11 16:43:35.360898, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6368 [2011/10/11 16:43:35.360939, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.360982, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (20).lnk -> 2454BA10 -> SA2WE8~G.LNK (cache=1) [2011/10/11 16:43:35.361037, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2476 [2011/10/11 16:43:35.361084, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk [2011/10/11 16:43:35.361128, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.361169, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk [2011/10/11 16:43:35.361211, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.361252, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.361299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.361363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfd25, type= 0x3, gen_id = 902, uid = 0, flags = 0, file_id 803:404315:0, name_hash = 0x289830fa [2011/10/11 16:43:35.361427, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk fname=Windows PowerShell (20).lnk (Windows PowerShell (20).lnk) [2011/10/11 16:43:35.361475, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) 
smbd_marshall_dir_entry: space_remaining = 6228 [2011/10/11 16:43:35.361516, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.361560, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (20).lnk -> 7A252072 -> WXW2M4~2.LNK (cache=1) [2011/10/11 16:43:35.361615, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2508 [2011/10/11 16:43:35.361662, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk [2011/10/11 16:43:35.361704, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.361746, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk [2011/10/11 16:43:35.361788, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.361828, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.361875, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.361939, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9ba5, type= 0x3, gen_id = 837, uid = 0, flags = 0, file_id 803:404316:0, name_hash = 0x4808115f [2011/10/11 16:43:35.362000, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk fname=Server Manager (21).lnk (Server Manager (21).lnk) [2011/10/11 16:43:35.362048, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6080 [2011/10/11 16:43:35.362089, 10] 
smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.362132, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (21).lnk -> 2354B88F -> S9SWSJ~Z.LNK (cache=1) [2011/10/11 16:43:35.362187, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2544 [2011/10/11 16:43:35.362234, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk [2011/10/11 16:43:35.362276, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.362317, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk [2011/10/11 16:43:35.362359, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.362399, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.362446, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.362509, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfea5, type= 0x3, gen_id = 903, uid = 0, flags = 0, file_id 803:404317:0, name_hash = 0x215b619a [2011/10/11 16:43:35.362557, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk fname=Windows PowerShell (21).lnk (Windows PowerShell (21).lnk) [2011/10/11 16:43:35.362603, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5940 [2011/10/11 16:43:35.362645, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.362688, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (21).lnk -> 79251EE1 -> WXM30F~5.LNK (cache=1) [2011/10/11 16:43:35.362742, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2576 [2011/10/11 16:43:35.362790, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk [2011/10/11 16:43:35.362832, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.362873, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk [2011/10/11 16:43:35.362915, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.362955, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.363002, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.363066, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9d25, type= 0x3, gen_id = 838, uid = 0, flags = 0, file_id 803:404318:0, name_hash = 0x310703aa [2011/10/11 16:43:35.363113, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk fname=Server Manager (22).lnk (Server Manager (22).lnk) [2011/10/11 16:43:35.363173, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5792 [2011/10/11 16:43:35.363215, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.363259, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) 
hash2_name_to_8_3: Server Manager (22).lnk -> 2254B73A -> S9IX6W~Q.LNK (cache=1) [2011/10/11 16:43:35.363313, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2612 [2011/10/11 16:43:35.363361, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk [2011/10/11 16:43:35.363404, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.363445, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk [2011/10/11 16:43:35.363488, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.363528, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.363576, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.363640, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x25, type= 0x3, gen_id = 904, uid = 0, flags = 0, file_id 803:404319:0, name_hash = 0x7fc6add3 [2011/10/11 16:43:35.363687, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk fname=Windows PowerShell (22).lnk (Windows PowerShell (22).lnk) [2011/10/11 16:43:35.363735, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5652 [2011/10/11 16:43:35.363776, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.363819, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (22).lnk -> 7C2523A8 -> WYG1TI~G.LNK (cache=1) 
[2011/10/11 16:43:35.363873, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2644 [2011/10/11 16:43:35.363921, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk [2011/10/11 16:43:35.363964, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.364005, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk [2011/10/11 16:43:35.364047, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.364088, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.364135, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.364198, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9ea5, type= 0x3, gen_id = 839, uid = 0, flags = 0, file_id 803:40431a:0, name_hash = 0x55c86a8 [2011/10/11 16:43:35.364246, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk fname=Server Manager (23).lnk (Server Manager (23).lnk) [2011/10/11 16:43:35.364293, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5504 [2011/10/11 16:43:35.364335, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.364392, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (23).lnk -> 2154B5A9 -> S98XL7~T.LNK (cache=1) [2011/10/11 16:43:35.364447, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 
now at offset 2680 [2011/10/11 16:43:35.364494, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk [2011/10/11 16:43:35.364537, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.364579, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk [2011/10/11 16:43:35.364621, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.364662, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.364709, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.364828, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1a5, type= 0x3, gen_id = 905, uid = 0, flags = 0, file_id 803:40431b:0, name_hash = 0xc1c70b34 [2011/10/11 16:43:35.364877, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk fname=Windows PowerShell (23).lnk (Windows PowerShell (23).lnk) [2011/10/11 16:43:35.364924, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5364 [2011/10/11 16:43:35.364965, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.365009, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (23).lnk -> 7B2521C7 -> WY627R~B.LNK (cache=1) [2011/10/11 16:43:35.365064, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2712 [2011/10/11 16:43:35.365112, 8] smbd/dosmode.c:621(dos_mode) dos_mode: 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk [2011/10/11 16:43:35.365154, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.365196, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk [2011/10/11 16:43:35.365238, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.365278, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.365325, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.365402, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa025, type= 0x3, gen_id = 840, uid = 0, flags = 0, file_id 803:404321:0, name_hash = 0x8acd18fa [2011/10/11 16:43:35.365452, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk fname=Server Manager (24).lnk (Server Manager (24).lnk) [2011/10/11 16:43:35.365499, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5216 [2011/10/11 16:43:35.365540, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.365584, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (24).lnk -> 2854C0AC -> SB6UT2~K.LNK (cache=1) [2011/10/11 16:43:35.365653, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2748 [2011/10/11 16:43:35.365701, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk [2011/10/11 
16:43:35.365744, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.365786, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk [2011/10/11 16:43:35.365828, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.365869, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.365915, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.365979, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x325, type= 0x3, gen_id = 906, uid = 0, flags = 0, file_id 803:404322:0, name_hash = 0x2920e50d [2011/10/11 16:43:35.366027, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk fname=Windows PowerShell (24).lnk (Windows PowerShell (24).lnk) [2011/10/11 16:43:35.366074, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5076 [2011/10/11 16:43:35.366115, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.366159, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (24).lnk -> 7E25268E -> WZ010U~M.LNK (cache=1) [2011/10/11 16:43:35.366213, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2780 [2011/10/11 16:43:35.366261, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk [2011/10/11 16:43:35.366303, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning 
[2011/10/11 16:43:35.366344, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk [2011/10/11 16:43:35.366387, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.366427, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.366474, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.366537, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa1a5, type= 0x3, gen_id = 841, uid = 0, flags = 0, file_id 803:404323:0, name_hash = 0x57e57761 [2011/10/11 16:43:35.366585, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk fname=Server Manager (25).lnk (Server Manager (25).lnk) [2011/10/11 16:43:35.366632, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4928 [2011/10/11 16:43:35.366674, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.366717, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (25).lnk -> 2754BEDB -> SAWV7B~V.LNK (cache=1) [2011/10/11 16:43:35.366772, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2816 [2011/10/11 16:43:35.366819, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk [2011/10/11 16:43:35.366876, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.366918, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk [2011/10/11 16:43:35.366960, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.367000, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.367048, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.367112, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x4a5, type= 0x3, gen_id = 907, uid = 0, flags = 0, file_id 803:404324:0, name_hash = 0x4c50dd80 [2011/10/11 16:43:35.367159, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk fname=Windows PowerShell (25).lnk (Windows PowerShell (25).lnk) [2011/10/11 16:43:35.367207, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4788 [2011/10/11 16:43:35.367248, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.367291, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (25).lnk -> 7D25253D -> WYQ1F7~H.LNK (cache=1) [2011/10/11 16:43:35.367346, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2848 [2011/10/11 16:43:35.367393, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk [2011/10/11 16:43:35.367436, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.367478, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk [2011/10/11 16:43:35.367520, 
8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.367561, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.367607, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.367671, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa325, type= 0x3, gen_id = 842, uid = 0, flags = 0, file_id 803:404325:0, name_hash = 0xe9f90b3e [2011/10/11 16:43:35.367719, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk fname=Server Manager (26).lnk (Server Manager (26).lnk) [2011/10/11 16:43:35.367767, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4640 [2011/10/11 16:43:35.367809, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.367852, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (26).lnk -> 2654BD76 -> SAMVLO~6.LNK (cache=1) [2011/10/11 16:43:35.367907, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2884 [2011/10/11 16:43:35.367954, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk [2011/10/11 16:43:35.367998, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.368039, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk [2011/10/11 16:43:35.368095, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.368136, 8] 
smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.368183, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.368247, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x625, type= 0x3, gen_id = 908, uid = 0, flags = 0, file_id 803:404326:0, name_hash = 0xd2ec17ce [2011/10/11 16:43:35.368295, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk fname=Windows PowerShell (26).lnk (Windows PowerShell (26).lnk) [2011/10/11 16:43:35.368342, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4500 [2011/10/11 16:43:35.368384, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.368427, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (26).lnk -> 002529E4 -> W01G7A~C.LNK (cache=1) [2011/10/11 16:43:35.368481, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2916 [2011/10/11 16:43:35.368529, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk [2011/10/11 16:43:35.368572, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.368613, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk [2011/10/11 16:43:35.368655, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.368696, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.368743, 10] 
locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.368806, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa4a5, type= 0x3, gen_id = 843, uid = 0, flags = 0, file_id 803:404327:0, name_hash = 0x5a199423 [2011/10/11 16:43:35.368854, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk fname=Server Manager (27).lnk (Server Manager (27).lnk) [2011/10/11 16:43:35.368901, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4352 [2011/10/11 16:43:35.368942, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.368986, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (27).lnk -> 2554BBE5 -> SACVZZ~9.LNK (cache=1) [2011/10/11 16:43:35.369039, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2952 [2011/10/11 16:43:35.369087, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk [2011/10/11 16:43:35.369130, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.369171, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk [2011/10/11 16:43:35.369501, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.369562, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.369614, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: 
Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.369680, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x7a5, type= 0x3, gen_id = 909, uid = 0, flags = 0, file_id 803:404328:0, name_hash = 0xb80a4497 [2011/10/11 16:43:35.369730, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk fname=Windows PowerShell (27).lnk (Windows PowerShell (27).lnk) [2011/10/11 16:43:35.369779, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4212 [2011/10/11 16:43:35.369821, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.369868, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (27).lnk -> 7F252813 -> WZA0MJ~7.LNK (cache=1) [2011/10/11 16:43:35.369927, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2984 [2011/10/11 16:43:35.369977, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk [2011/10/11 16:43:35.370020, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.370061, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk [2011/10/11 16:43:35.370104, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.370145, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.370192, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.370256, 10] 
locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa625, type= 0x3, gen_id = 844, uid = 0, flags = 0, file_id 803:404329:0, name_hash = 0xd979a53f [2011/10/11 16:43:35.370304, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk fname=Server Manager (28).lnk (Server Manager (28).lnk) [2011/10/11 16:43:35.370351, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4064 [2011/10/11 16:43:35.370393, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.370437, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (28).lnk -> 2C54C6F8 -> SCAT7U~G.LNK (cache=1) [2011/10/11 16:43:35.370492, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3020 [2011/10/11 16:43:35.370539, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk [2011/10/11 16:43:35.370583, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.370624, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk [2011/10/11 16:43:35.370666, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.370707, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.370754, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.370831, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access 
= 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x925, type= 0x3, gen_id = 910, uid = 0, flags = 0, file_id 803:40432a:0, name_hash = 0x59fd0893 [2011/10/11 16:43:35.370880, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk fname=Windows PowerShell (28).lnk (Windows PowerShell (28).lnk) [2011/10/11 16:43:35.370927, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3924 [2011/10/11 16:43:35.370968, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.371011, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (28).lnk -> 722513EA -> WVO5SK~Q.LNK (cache=1) [2011/10/11 16:43:35.371065, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3052 [2011/10/11 16:43:35.371113, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk [2011/10/11 16:43:35.371155, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.371196, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk [2011/10/11 16:43:35.371239, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.371279, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.371325, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.371388, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa7a5, type= 0x3, gen_id = 845, uid = 
0, flags = 0, file_id 803:40432b:0, name_hash = 0x574b1b52 [2011/10/11 16:43:35.371436, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk fname=Server Manager (29).lnk (Server Manager (29).lnk) [2011/10/11 16:43:35.371483, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3776 [2011/10/11 16:43:35.371524, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.371567, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (29).lnk -> 2B54C517 -> SC0TM3~B.LNK (cache=1) [2011/10/11 16:43:35.371748, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3088 [2011/10/11 16:43:35.371797, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk [2011/10/11 16:43:35.371840, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.371881, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk [2011/10/11 16:43:35.371923, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.372034, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.372082, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.372150, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaa5, type= 0x3, gen_id = 911, uid = 0, flags = 0, file_id 803:40432c:0, name_hash = 0x532fd912 [2011/10/11 16:43:35.372214, 3] 
smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk fname=Windows PowerShell (29).lnk (Windows PowerShell (29).lnk) [2011/10/11 16:43:35.372263, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3636 [2011/10/11 16:43:35.372305, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.372350, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (29).lnk -> 71251219 -> WVE66U~1.LNK (cache=1) [2011/10/11 16:43:35.372405, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3120 [2011/10/11 16:43:35.372453, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk [2011/10/11 16:43:35.372496, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.372537, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk [2011/10/11 16:43:35.372580, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.372620, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.372667, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.372731, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaaa5, type= 0x3, gen_id = 847, uid = 0, flags = 0, file_id 803:40432d:0, name_hash = 0x11561aca [2011/10/11 16:43:35.372779, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk fname=Server Manager (30).lnk (Server Manager (30).lnk) [2011/10/11 16:43:35.372826, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3488 [2011/10/11 16:43:35.372868, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.372911, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (30).lnk -> 1E527219 -> S8EVML~5.LNK (cache=1) [2011/10/11 16:43:35.372966, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3156 [2011/10/11 16:43:35.373013, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk [2011/10/11 16:43:35.373056, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.373098, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk [2011/10/11 16:43:35.373140, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.373180, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.373227, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.373291, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xda5, type= 0x3, gen_id = 913, uid = 0, flags = 0, file_id 803:40432e:0, name_hash = 0x77f7f64e [2011/10/11 16:43:35.373339, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk 
fname=Windows PowerShell (30).lnk (Windows PowerShell (30).lnk) [2011/10/11 16:43:35.373420, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3348 [2011/10/11 16:43:35.373463, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.373507, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (30).lnk -> 7422D87B -> WW81UG~R.LNK (cache=1) [2011/10/11 16:43:35.373562, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3188 [2011/10/11 16:43:35.373609, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk [2011/10/11 16:43:35.373652, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.373693, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk [2011/10/11 16:43:35.373736, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.373776, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.373823, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.373887, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xac25, type= 0x3, gen_id = 848, uid = 0, flags = 0, file_id 803:40432f:0, name_hash = 0x4a7c5015 [2011/10/11 16:43:35.373938, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk fname=Server Manager (31).lnk (Server Manager (31).lnk) [2011/10/11 16:43:35.373985, 10] 
smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3200 [2011/10/11 16:43:35.374026, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.374070, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (31).lnk -> 1F5273EA -> S8OV8B~U.LNK (cache=1) [2011/10/11 16:43:35.374125, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3224 [2011/10/11 16:43:35.374172, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk [2011/10/11 16:43:35.374214, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.374256, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk [2011/10/11 16:43:35.374298, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.374338, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.374385, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.374449, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf25, type= 0x3, gen_id = 914, uid = 0, flags = 0, file_id 803:404330:0, name_hash = 0x1acada29 [2011/10/11 16:43:35.374497, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk fname=Windows PowerShell (31).lnk (Windows PowerShell (31).lnk) [2011/10/11 16:43:35.374544, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3060 
[2011/10/11 16:43:35.374599, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.374643, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (31).lnk -> 7522D9CC -> WWI1G3~W.LNK (cache=1) [2011/10/11 16:43:35.374697, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3256 [2011/10/11 16:43:35.374744, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk [2011/10/11 16:43:35.374787, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.374828, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk [2011/10/11 16:43:35.374870, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.374911, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.374957, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.375020, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xada5, type= 0x3, gen_id = 849, uid = 0, flags = 0, file_id 803:404331:0, name_hash = 0xf8ab53d1 [2011/10/11 16:43:35.375068, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk fname=Server Manager (32).lnk (Server Manager (32).lnk) [2011/10/11 16:43:35.375115, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2912 [2011/10/11 16:43:35.375157, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.375200, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (32).lnk -> 2052757F -> S8YUU0~V.LNK (cache=1) [2011/10/11 16:43:35.375255, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3292 [2011/10/11 16:43:35.375302, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk [2011/10/11 16:43:35.375344, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.375386, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk [2011/10/11 16:43:35.375428, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.375469, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.375515, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.375579, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x10a5, type= 0x3, gen_id = 915, uid = 0, flags = 0, file_id 803:404332:0, name_hash = 0x1c1d5333 [2011/10/11 16:43:35.375627, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk fname=Windows PowerShell (32).lnk (Windows PowerShell (32).lnk) [2011/10/11 16:43:35.375674, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2772 [2011/10/11 16:43:35.375715, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.375758, 10] 
smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (32).lnk -> 7222D505 -> WVO2N0~L.LNK (cache=1) [2011/10/11 16:43:35.375827, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3324 [2011/10/11 16:43:35.375874, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk [2011/10/11 16:43:35.375917, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.375958, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk [2011/10/11 16:43:35.376000, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.376040, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.376087, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.376150, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaf25, type= 0x3, gen_id = 850, uid = 0, flags = 0, file_id 803:404333:0, name_hash = 0x79dea1e4 [2011/10/11 16:43:35.376198, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk fname=Server Manager (33).lnk (Server Manager (33).lnk) [2011/10/11 16:43:35.376245, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2624 [2011/10/11 16:43:35.376286, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.376330, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (33).lnk -> 215276C0 -> 
S98UFN~K.LNK (cache=1) [2011/10/11 16:43:35.376384, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3360 [2011/10/11 16:43:35.376431, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk [2011/10/11 16:43:35.376474, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.376515, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk [2011/10/11 16:43:35.376557, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.376598, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.376644, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.376708, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1225, type= 0x3, gen_id = 916, uid = 0, flags = 0, file_id 803:404334:0, name_hash = 0xc8a13f00 [2011/10/11 16:43:35.376756, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk fname=Windows PowerShell (33).lnk (Windows PowerShell (33).lnk) [2011/10/11 16:43:35.376803, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2484 [2011/10/11 16:43:35.376844, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.376888, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (33).lnk -> 7322D696 -> WVY28P~I.LNK (cache=1) [2011/10/11 16:43:35.376942, 6] 
smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3392 [2011/10/11 16:43:35.377003, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk [2011/10/11 16:43:35.377047, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.377088, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk [2011/10/11 16:43:35.377131, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.377171, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.377218, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.377282, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb0a5, type= 0x3, gen_id = 851, uid = 0, flags = 0, file_id 803:404335:0, name_hash = 0x73546e30 [2011/10/11 16:43:35.377330, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk fname=Server Manager (34).lnk (Server Manager (34).lnk) [2011/10/11 16:43:35.377393, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2336 [2011/10/11 16:43:35.377436, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.377480, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (34).lnk -> 22527855 -> S9IU1C~L.LNK (cache=1) [2011/10/11 16:43:35.377535, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3428 [2011/10/11 
16:43:35.377583, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk [2011/10/11 16:43:35.377626, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.377667, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk [2011/10/11 16:43:35.377710, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.377751, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.377798, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.377863, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x13a5, type= 0x3, gen_id = 917, uid = 0, flags = 0, file_id 803:404336:0, name_hash = 0x1b60bce8 [2011/10/11 16:43:35.377911, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk fname=Windows PowerShell (34).lnk (Windows PowerShell (34).lnk) [2011/10/11 16:43:35.377958, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2196 [2011/10/11 16:43:35.377999, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.378043, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (34).lnk -> 7022D22F -> WV43FO~V.LNK (cache=1) [2011/10/11 16:43:35.378097, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3460 [2011/10/11 16:43:35.378145, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk [2011/10/11 16:43:35.378188, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.378244, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk [2011/10/11 16:43:35.378286, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.378327, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.378374, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.378437, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb225, type= 0x3, gen_id = 852, uid = 0, flags = 0, file_id 803:404338:0, name_hash = 0x9a0511b6 [2011/10/11 16:43:35.378485, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk fname=Server Manager (35).lnk (Server Manager (35).lnk) [2011/10/11 16:43:35.378532, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2048 [2011/10/11 16:43:35.378573, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.378617, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (35).lnk -> 23527A26 -> S9STN3~A.LNK (cache=1) [2011/10/11 16:43:35.378671, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3496 [2011/10/11 16:43:35.378718, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk [2011/10/11 16:43:35.378761, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.378802, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk [2011/10/11 16:43:35.378845, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.378885, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.378932, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.378995, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1525, type= 0x3, gen_id = 918, uid = 0, flags = 0, file_id 803:404339:0, name_hash = 0x8a6a4957 [2011/10/11 16:43:35.379043, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk fname=Windows PowerShell (35).lnk (Windows PowerShell (35).lnk) [2011/10/11 16:43:35.379090, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1908 [2011/10/11 16:43:35.379131, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.379175, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (35).lnk -> 7122D3B0 -> WVE31D~C.LNK (cache=1) [2011/10/11 16:43:35.379228, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3528 [2011/10/11 16:43:35.379276, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk [2011/10/11 16:43:35.379318, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 
16:43:35.379359, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk [2011/10/11 16:43:35.379415, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.379456, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.379503, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.379569, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb3a5, type= 0x3, gen_id = 853, uid = 0, flags = 0, file_id 803:40433a:0, name_hash = 0xb66c4cd3 [2011/10/11 16:43:35.379617, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk fname=Server Manager (36).lnk (Server Manager (36).lnk) [2011/10/11 16:43:35.379664, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1760 [2011/10/11 16:43:35.379706, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.379750, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (36).lnk -> 24527B8B -> SA2T8Q~Z.LNK (cache=1) [2011/10/11 16:43:35.379804, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3564 [2011/10/11 16:43:35.379851, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk [2011/10/11 16:43:35.379894, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.379936, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick 
Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk [2011/10/11 16:43:35.379978, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.380019, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.380065, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.380129, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x16a5, type= 0x3, gen_id = 919, uid = 0, flags = 0, file_id 803:40433b:0, name_hash = 0x3581512a [2011/10/11 16:43:35.380178, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk fname=Windows PowerShell (36).lnk (Windows PowerShell (36).lnk) [2011/10/11 16:43:35.380225, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1620 [2011/10/11 16:43:35.380267, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.380310, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (36).lnk -> 6E22CEC9 -> WUK489~5.LNK (cache=1) [2011/10/11 16:43:35.380365, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3596 [2011/10/11 16:43:35.380412, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk [2011/10/11 16:43:35.380455, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.380497, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk [2011/10/11 16:43:35.380539, 8] 
lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.380579, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.380626, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.380704, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb525, type= 0x3, gen_id = 854, uid = 0, flags = 0, file_id 803:40433c:0, name_hash = 0xdd212722 [2011/10/11 16:43:35.380752, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk fname=Server Manager (37).lnk (Server Manager (37).lnk) [2011/10/11 16:43:35.380800, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1472 [2011/10/11 16:43:35.380841, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.380884, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (37).lnk -> 25527D1C -> SACSUF~W.LNK (cache=1) [2011/10/11 16:43:35.380938, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3632 [2011/10/11 16:43:35.380985, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk [2011/10/11 16:43:35.381028, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.381069, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk [2011/10/11 16:43:35.381111, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.381151, 8] 
smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.381198, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.381262, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1825, type= 0x3, gen_id = 920, uid = 0, flags = 0, file_id 803:40433d:0, name_hash = 0x1755dcbf [2011/10/11 16:43:35.381309, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk fname=Windows PowerShell (37).lnk (Windows PowerShell (37).lnk) [2011/10/11 16:43:35.381357, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1332 [2011/10/11 16:43:35.381413, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.381456, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (37).lnk -> 6F22D05A -> WUU3TY~2.LNK (cache=1) [2011/10/11 16:43:35.381511, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3664 [2011/10/11 16:43:35.381558, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk [2011/10/11 16:43:35.381601, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.381642, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk [2011/10/11 16:43:35.381685, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.381725, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.381772, 10] 
locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.381835, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb6a5, type= 0x3, gen_id = 855, uid = 0, flags = 0, file_id 803:40433e:0, name_hash = 0xb50acad0 [2011/10/11 16:43:35.381895, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk fname=Server Manager (38).lnk (Server Manager (38).lnk) [2011/10/11 16:43:35.381943, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1184 [2011/10/11 16:43:35.381984, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.382028, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (38).lnk -> 26527EE1 -> SAMSG6~9.LNK (cache=1) [2011/10/11 16:43:35.382082, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3700 [2011/10/11 16:43:35.382129, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk [2011/10/11 16:43:35.382172, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.382213, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk [2011/10/11 16:43:35.382256, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.382296, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.382343, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: 
Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.382407, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x19a5, type= 0x3, gen_id = 921, uid = 0, flags = 0, file_id 803:40433f:0, name_hash = 0xcf0eb539 [2011/10/11 16:43:35.382455, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk fname=Windows PowerShell (38).lnk (Windows PowerShell (38).lnk) [2011/10/11 16:43:35.382502, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1044 [2011/10/11 16:43:35.382544, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.382587, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (38).lnk -> 7C22E4C3 -> WYFYNY~B.LNK (cache=1) [2011/10/11 16:43:35.382641, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3732 [2011/10/11 16:43:35.382689, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk [2011/10/11 16:43:35.382732, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.382773, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk [2011/10/11 16:43:35.382816, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.382856, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.382903, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.382967, 10] 
locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x70a5, type= 0x3, gen_id = 1001, uid = 0, flags = 0, file_id 803:404340:0, name_hash = 0xbba8b35 [2011/10/11 16:43:35.383024, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100080, mid = 0x7a65, type= 0x40, gen_id = 1008, uid = 0, flags = 0, file_id 803:404340:0, name_hash = 0xbba8b35 [2011/10/11 16:43:35.383087, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk fname=Server Manager (39).lnk (Server Manager (39).lnk) [2011/10/11 16:43:35.383134, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 896 [2011/10/11 16:43:35.383175, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.383219, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (39).lnk -> 27528072 -> SAWS1V~6.LNK (cache=1) [2011/10/11 16:43:35.383273, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:35.383320, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk [2011/10/11 16:43:35.383363, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.383404, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk [2011/10/11 16:43:35.383447, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.383487, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 
16:43:35.383533, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.383597, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb4a5, type= 0x3, gen_id = 1046, uid = 0, flags = 0, file_id 803:404341:0, name_hash = 0xc2337d8c [2011/10/11 16:43:35.383654, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100080, mid = 0xbe25, type= 0x40, gen_id = 1053, uid = 0, flags = 0, file_id 803:404341:0, name_hash = 0xc2337d8c [2011/10/11 16:43:35.383702, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk fname=Windows PowerShell (39).lnk (Windows PowerShell (39).lnk) [2011/10/11 16:43:35.383749, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 756 [2011/10/11 16:43:35.383790, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.383834, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (39).lnk -> 7D22E654 -> WYPY9N~8.LNK (cache=1) [2011/10/11 16:43:35.383882, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:35.383925, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:35.383968, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:35.384162, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 15776, useable_space = 131010 [2011/10/11 16:43:35.384212, 
9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 15776, paramsize = 10, datasize = 15776 [2011/10/11 16:43:35.384254, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.384279, 5] lib/util.c:341(show_msg) size=15844 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=63108 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]=15776 (0x3DA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]=15776 (0x3DA0) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=15789 [2011/10/11 16:43:35.384675, 10] ../lib/util/util.c:415(dump_data)
[2011/10/11 16:43:35.385871, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=* directory=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar dirtype=22 numentries=109 [2011/10/11 16:43:35.385928, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2011/10/11 16:43:35.388034, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:35.388117, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:35.388165, 3] smbd/process.c:1661(process_smb) Transaction 7967 of length 45 (0 toread) [2011/10/11 16:43:35.388207, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.388232, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=63172 smt_wct=3 smb_vwv[ 0]=18506 (0x484A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:35.388497, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.388526, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.388599, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.388644, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: 
SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.389104, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.389240, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.389286, 3] smbd/reply.c:4840(reply_close) close directory fnum=18506 [2011/10/11 16:43:35.389337, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.389419, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87d80 [2011/10/11 16:43:35.389462, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.389530, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, file_id 803:404090:0, name_hash = 0x57ae7988 [2011/10/11 16:43:35.389584, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x57ae7988 [2011/10/11 16:43:35.389630, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.389685, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar = 0 [2011/10/11 16:43:35.389731, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.389780, 5] smbd/files.c:464(file_free) freed files structure 18506 (174 
used) [2011/10/11 16:43:35.389825, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.389850, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=63172 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:35.390064, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.386231, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.386303, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.386346, 3] smbd/process.c:1661(process_smb) Transaction 7968 of length 180 (0 toread) [2011/10/11 16:43:39.386389, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.386413, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63236 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.386897, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.387162, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.387212, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.387258, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.387715, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.387853, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.387902, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.387952, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.388000, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] [2011/10/11 16:43:39.388044, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup 
failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] [2011/10/11 16:43:39.388087, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS] [2011/10/11 16:43:39.388129, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK] [2011/10/11 16:43:39.388172, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT] -> [ando/Microsoft] [2011/10/11 16:43:39.388222, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, dirpath = ando/Microsoft, start = Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.388275, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fc9b0d87fe0:size 31) ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK -> ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.388334, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished ando/Microsoft/Network/Connections/Pbk/_hiddenPbk -> ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.388388, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.388446, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.388489, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.388534, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.388579, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.388623, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.388667, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.388709, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.388750, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.388822, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.388865, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Thu Oct 6 15:14:30 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.389005, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.389047, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.389090, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.389114, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63236 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.389522, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0010] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... 
[2011/10/11 16:43:39.390007, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.390057, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.390100, 3] smbd/process.c:1661(process_smb) Transaction 7969 of length 180 (0 toread) [2011/10/11 16:43:39.390142, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.390166, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63300 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.390624, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.390901, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.390948, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.390991, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.391442, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.391573, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.391619, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.391665, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.391710, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.391766, 10] 
smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.391817, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.391859, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.391903, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.391947, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.391990, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.392033, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.392075, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.392116, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.392164, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.392207, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.392263, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.392305, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.392330, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63300 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:39.392705, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.393274, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.393324, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.393366, 3] smbd/process.c:1661(process_smb) Transaction 7970 of length 180 (0 toread) [2011/10/11 16:43:39.393429, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.393454, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63364 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.393910, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.394169, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.394214, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.394258, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.394704, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.394848, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.394894, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.394940, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.394984, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.395039, 10] 
smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.395089, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.395130, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.395175, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.395219, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.395262, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.395305, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.395347, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.395388, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.395436, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.395478, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Thu Oct 6 15:14:30 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.395613, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.395654, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.395696, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.395722, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 
smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63364 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.396097, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0010] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... [2011/10/11 16:43:39.396568, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.396619, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.396661, 3] smbd/process.c:1661(process_smb) Transaction 7971 of length 180 (0 toread) [2011/10/11 16:43:39.396703, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.396727, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63428 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.397208, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ 
.\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... [2011/10/11 16:43:39.397486, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.397532, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.397576, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.398026, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.398157, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.398203, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: 
TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.398249, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.398295, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.398349, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.398398, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.398440, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.398485, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.398528, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.398572, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.398615, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.398671, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.398712, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.398761, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.398803, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.398845, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, 
data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.398887, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.398912, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63428 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:39.399289, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.399780, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 208 [2011/10/11 16:43:39.399829, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xd0 [2011/10/11 16:43:39.399871, 3] smbd/process.c:1661(process_smb) Transaction 7972 of length 212 (0 toread) [2011/10/11 16:43:39.399913, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.399938, 5] lib/util.c:341(show_msg) size=208 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63492 smt_wct=15 smb_vwv[ 0]= 140 (0x8C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 140 (0x8C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=143 [2011/10/11 16:43:39.400395, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. 
.......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 5F .n.s.\.P .b.k.\._ [0060] 00 68 00 69 00 64 00 64 00 65 00 6E 00 50 00 62 .h.i.d.d .e.n.P.b [0070] 00 6B 00 5C 00 72 00 61 00 73 00 70 00 68 00 6F .k.\.r.a .s.p.h.o [0080] 00 6E 00 65 00 2E 00 70 00 62 00 6B 00 00 00 .n.e...p .b.k... [2011/10/11 16:43:39.400720, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.400765, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.400809, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.401270, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.401417, 5] smbd/uid.c:317(change_to_user_internal) 
Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.401466, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.401516, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk" [2011/10/11 16:43:39.401561, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK/RASPHONE.PBK] [2011/10/11 16:43:39.401604, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.401653, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, dirpath = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, start = rasphone.pbk [2011/10/11 16:43:39.401705, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fc9b0d88050:size 3e) ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK/RASPHONE.PBK -> ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.401749, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk -> ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.401794, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, mask = rasphone.pbk [2011/10/11 16:43:39.401840, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.401897, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, expect_close = 1 [2011/10/11 
16:43:39.401940, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = rasphone.pbk, attr = 22 [2011/10/11 16:43:39.401982, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.402039, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.402085, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.402128, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.402170, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.402211, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.402252, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:39.402307, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.402349, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[rasphone.pbk] found ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk fname=rasphone.pbk (rasphone.pbk) [2011/10/11 16:43:39.402398, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:39.402457, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:39.402503, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.402545, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.402615, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2011/10/11 16:43:39.402658, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, 
paramsize = 10, datasize = 120 [2011/10/11 16:43:39.402700, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.402725, 5] lib/util.c:341(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63492 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2011/10/11 16:43:39.403101, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0020] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0030] E1 29 84 CC 01 00 00 00 00 00 00 00 00 00 00 00 .)...... ........ [0040] 00 00 00 00 00 80 00 00 00 18 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 72 00 61 00 73 ........ ...r.a.s [0070] 00 70 00 68 00 6F 00 6E 00 65 00 2E 00 70 00 62 .p.h.o.n .e...p.b [0080] 00 6B 00 00 00 .k... 
[2011/10/11 16:43:39.403448, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=rasphone.pbk directory=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk dirtype=22 numentries=1 [2011/10/11 16:43:39.403938, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.403987, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.404030, 3] smbd/process.c:1661(process_smb) Transaction 7973 of length 180 (0 toread) [2011/10/11 16:43:39.404072, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.404096, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63556 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.404552, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.404812, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.404859, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.404920, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.405372, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.405523, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.405570, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.405617, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.405663, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.405719, 10] 
smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.405770, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.405812, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.405857, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.405900, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.405944, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.405987, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.406029, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.406070, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.406120, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.406161, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Thu Oct 6 15:14:30 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.406298, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.406340, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.406382, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.406407, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 
smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63556 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.406797, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0010] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... [2011/10/11 16:43:39.407299, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.407349, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.407391, 3] smbd/process.c:1661(process_smb) Transaction 7974 of length 180 (0 toread) [2011/10/11 16:43:39.407432, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.407457, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63620 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.407912, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ 
.\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... [2011/10/11 16:43:39.408171, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.408217, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.408261, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.408708, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.408837, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.408882, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: 
TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.408928, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.408972, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.409042, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.409091, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.409133, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.409177, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.409221, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.409264, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.409307, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.409349, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.409410, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.409459, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.409502, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.409544, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, 
data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.409586, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.409611, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63620 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:39.409988, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.410498, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 208 [2011/10/11 16:43:39.410548, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xd0 [2011/10/11 16:43:39.410591, 3] smbd/process.c:1661(process_smb) Transaction 7975 of length 212 (0 toread) [2011/10/11 16:43:39.410633, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.410658, 5] lib/util.c:341(show_msg) size=208 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63684 smt_wct=15 smb_vwv[ 0]= 140 (0x8C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 140 (0x8C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=143 [2011/10/11 16:43:39.411117, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. 
.......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 5F .n.s.\.P .b.k.\._ [0060] 00 68 00 69 00 64 00 64 00 65 00 6E 00 50 00 62 .h.i.d.d .e.n.P.b [0070] 00 6B 00 5C 00 72 00 61 00 73 00 70 00 68 00 6F .k.\.r.a .s.p.h.o [0080] 00 6E 00 65 00 2E 00 70 00 62 00 6B 00 00 00 .n.e...p .b.k... [2011/10/11 16:43:39.411461, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.411507, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.411550, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.412002, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.412132, 5] smbd/uid.c:317(change_to_user_internal) 
Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.412181, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.412230, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk" [2011/10/11 16:43:39.412276, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK/RASPHONE.PBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk] [2011/10/11 16:43:39.412325, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, mask = rasphone.pbk [2011/10/11 16:43:39.412371, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.412426, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, expect_close = 1 [2011/10/11 16:43:39.412469, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = rasphone.pbk, attr = 22 [2011/10/11 16:43:39.412511, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.412568, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.412614, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.412656, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.412698, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.412740, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.412780, 8] smbd/dosmode.c:672(dos_mode) dos_mode 
returning [2011/10/11 16:43:39.412829, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.412886, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[rasphone.pbk] found ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk fname=rasphone.pbk (rasphone.pbk) [2011/10/11 16:43:39.412935, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:39.412977, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:39.413023, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.413065, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.413130, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2011/10/11 16:43:39.413174, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2011/10/11 16:43:39.413216, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.413241, 5] lib/util.c:341(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63684 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2011/10/11 16:43:39.413642, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0020] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0030] E1 29 84 CC 01 00 00 00 00 00 00 00 00 00 00 00 .)...... 
........ [0040] 00 00 00 00 00 80 00 00 00 18 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 72 00 61 00 73 ........ ...r.a.s [0070] 00 70 00 68 00 6F 00 6E 00 65 00 2E 00 70 00 62 .p.h.o.n .e...p.b [0080] 00 6B 00 00 00 .k... [2011/10/11 16:43:39.413987, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=rasphone.pbk directory=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk dirtype=22 numentries=1 [2011/10/11 16:43:39.414486, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 212 [2011/10/11 16:43:39.414535, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xd4 [2011/10/11 16:43:39.414577, 3] smbd/process.c:1661(process_smb) Transaction 7976 of length 216 (0 toread) [2011/10/11 16:43:39.414619, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.414644, 5] lib/util.c:341(show_msg) size=212 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63748 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=32256 (0x7E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 256 (0x100) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=129 [2011/10/11 16:43:39.415244, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C .N.e.t.w .o.r.k.\ [0030] 00 43 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 
.C.o.n.n .e.c.t.i [0040] 00 6F 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C .o.n.s.\ .P.b.k.\ [0050] 00 5F 00 68 00 69 00 64 00 64 00 65 00 6E 00 50 ._.h.i.d .d.e.n.P [0060] 00 62 00 6B 00 5C 00 72 00 61 00 73 00 70 00 68 .b.k.\.r .a.s.p.h [0070] 00 6F 00 6E 00 65 00 2E 00 70 00 62 00 6B 00 00 .o.n.e.. .p.b.k.. [0080] 00 . [2011/10/11 16:43:39.415581, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.415627, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.415671, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.416123, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.416255, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.416304, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x1, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 
root_dir_fid = 0x0, fname = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.416352, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk" [2011/10/11 16:43:39.416397, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK/RASPHONE.PBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk] [2011/10/11 16:43:39.416449, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x1, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.416500, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x1, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.416553, 5] smbd/files.c:126(file_new) allocated file structure 14411, fnum = 18507 (175 used) [2011/10/11 16:43:39.416601, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk hash 0x95bcfbb3 [2011/10/11 16:43:39.416647, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk) returning 0400 [2011/10/11 16:43:39.416691, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, dos_attrs=0x1 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0400 oplock_request=3 private_flags = 0x0 [2011/10/11 16:43:39.416753, 8] 
smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.416797, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.416839, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.416881, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.416923, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:39.416966, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, after mapping access_mask=0x20089 [2011/10/11 16:43:39.417022, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000540 [2011/10/11 16:43:39.417071, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88680 [2011/10/11 16:43:39.417114, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:414005:0 [2011/10/11 16:43:39.417160, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000540 [2011/10/11 16:43:39.417223, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000540 [2011/10/11 16:43:39.417269, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d888c0 [2011/10/11 16:43:39.417313, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.417357, 4] smbd/open.c:2228(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0400, access_mask = 0x20089, open_access_mask = 0x20089 [2011/10/11 16:43:39.417432, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, flags = 00 mode = 0400, fd = 31. 
[2011/10/11 16:43:39.417477, 2] smbd/open.c:694(open_file) ando opened file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk read=Yes write=No (numopen=111) [2011/10/11 16:43:39.417528, 3] smbd/oplock_linux.c:129(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, file_id = 803:414005:0 gen_id = 1068 [2011/10/11 16:43:39.417576, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, 803:414005:0/1068, tv_sec = 4e94561b, tv_usec = 65b26 [2011/10/11 16:43:39.417627, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Thu Oct 6 15:14:30 2011 CEST cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 1 [2011/10/11 16:43:39.417696, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0xf904, type= 0x3, gen_id = 1068, uid = 0, flags = 0, file_id 803:414005:0, name_hash = 0x95bcfbb3 [2011/10/11 16:43:39.417767, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000540 [2011/10/11 16:43:39.417821, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:39.417863, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:39.417907, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.417950, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.417992, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.418034, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.418090, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:39.418137, 10] 
locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Oct 6 15:14:30 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.418202, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0xf904, type= 0x3, gen_id = 1068, uid = 0, flags = 0, file_id 803:414005:0, name_hash = 0x95bcfbb3 [2011/10/11 16:43:39.418261, 10] smbd/file_access.c:205(can_access_file_data) can_access_file_data: requesting 0x2 on file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.418306, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18507, open name = ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.418732, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 72 [2011/10/11 16:43:39.418784, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x48 [2011/10/11 16:43:39.418826, 3] smbd/process.c:1661(process_smb) Transaction 7977 of length 76 (0 toread) [2011/10/11 16:43:39.418869, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.418894, 5] lib/util.c:341(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63812 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2011/10/11 16:43:39.419352, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 4B 48 EE 03 ...KH.. 
[2011/10/11 16:43:39.419410, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.419457, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.419501, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.419952, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.420085, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.420132, 3] smbd/trans2.c:5031(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2011/10/11 16:43:39.420185, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Oct 6 15:14:30 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.420269, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0xf904, type= 0x3, gen_id = 
1068, uid = 0, flags = 0, file_id 803:414005:0, name_hash = 0x95bcfbb3 [2011/10/11 16:43:39.420319, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x95bcfbb3 [2011/10/11 16:43:39.420362, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk (fnum = 18507) level=1006 call=7 total_data=0 [2011/10/11 16:43:39.420407, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk (fnum = 18507) level=1006 max_data=8 [2011/10/11 16:43:39.420452, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.420495, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.420538, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.420580, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.420621, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:39.420671, 10] smbd/trans2.c:4619(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2011/10/11 16:43:39.420715, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2011/10/11 16:43:39.420757, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2011/10/11 16:43:39.420799, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.420824, 5] lib/util.c:341(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63812 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) 
smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2011/10/11 16:43:39.421201, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 05 40 41 00 00 00 00 00 ......@A ..... [2011/10/11 16:43:39.422425, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.422475, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.422517, 3] smbd/process.c:1661(process_smb) Transaction 7978 of length 158 (0 toread) [2011/10/11 16:43:39.422559, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.422584, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63876 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.423040, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.423263, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.423325, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.423369, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.423815, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.423944, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.423989, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.424037, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.424082, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] [2011/10/11 16:43:39.424126, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name 
[ANDO/MICROSOFT/NETWORK/CONNECTIONS] [2011/10/11 16:43:39.424168, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK] [2011/10/11 16:43:39.424210, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT] -> [ando/Microsoft] [2011/10/11 16:43:39.424257, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk, dirpath = ando/Microsoft, start = Network/Connections/Pbk [2011/10/11 16:43:39.424309, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fc9b0bc3910:size 26) ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK -> ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.424352, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished ando/Microsoft/Network/Connections/Pbk -> ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.424403, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.424451, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.424493, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.424537, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.424580, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.424623, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.424666, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.424707, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 
16:43:39.424763, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.424829, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.424872, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Mon Oct 10 16:50:41 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.425009, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.425050, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.425092, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.425117, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63876 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.425534, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 80 B6 03 ........ .)...... [0010] FB 5B 87 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .[...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... 
[2011/10/11 16:43:39.426053, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.426103, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.426145, 3] smbd/process.c:1661(process_smb) Transaction 7979 of length 158 (0 toread) [2011/10/11 16:43:39.426187, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.426212, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63940 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.426669, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.426893, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.426940, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.426983, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.427452, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.427583, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.427629, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.427675, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.427720, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.427774, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.427824, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.427866, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.427910, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.427953, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.427997, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.428040, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.428082, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.428123, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.428171, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.428214, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.428256, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.428298, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.428323, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=63940 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=29 [2011/10/11 16:43:39.428697, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.429251, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 186 [2011/10/11 16:43:39.429301, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xba [2011/10/11 16:43:39.429343, 3] smbd/process.c:1661(process_smb) Transaction 7980 of length 190 (0 toread) [2011/10/11 16:43:39.429405, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.429430, 5] lib/util.c:341(show_msg) size=186 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64004 smt_wct=15 smb_vwv[ 0]= 118 (0x76) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 118 (0x76) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=121 [2011/10/11 16:43:39.429901, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 72 .n.s.\.P .b.k.\.r [0060] 00 61 00 73 00 70 00 68 00 6F 00 6E 00 65 00 2E .a.s.p.h .o.n.e.. [0070] 00 70 00 62 00 6B 00 00 00 .p.b.k.. . 
[2011/10/11 16:43:39.430190, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.430235, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.430278, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.430725, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.430854, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.430903, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.430952, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/rasphone.pbk" [2011/10/11 16:43:39.430997, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/RASPHONE.PBK] 
[2011/10/11 16:43:39.431040, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.431088, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk/rasphone.pbk, dirpath = ando/Microsoft/Network/Connections/Pbk, start = rasphone.pbk [2011/10/11 16:43:39.431140, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Network/Connections/Pbk/rasphone.pbk, dirpath = ando/Microsoft/Network/Connections/Pbk, start = rasphone.pbk [2011/10/11 16:43:39.431184, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled rasphone.pbk ? [2011/10/11 16:43:39.431241, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component rasphone.pbk (len 12) ? [2011/10/11 16:43:39.431287, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled rasphone.pbk ? [2011/10/11 16:43:39.431327, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component rasphone.pbk (len 12) ? [2011/10/11 16:43:39.431415, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled rasphone.pbk ? [2011/10/11 16:43:39.431459, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component rasphone.pbk (len 12) ? 
[2011/10/11 16:43:39.431500, 5] smbd/filename.c:781(unix_convert) New file rasphone.pbk [2011/10/11 16:43:39.431543, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk, mask = rasphone.pbk [2011/10/11 16:43:39.431587, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.431637, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk, expect_close = 1 [2011/10/11 16:43:39.431680, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = rasphone.pbk, attr = 22 [2011/10/11 16:43:39.431722, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.431782, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:39.431826, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:39.431881, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:39.431925, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: _hiddenPbk -> 735694E1 -> _W02X9~D (cache=0) [2011/10/11 16:43:39.431970, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.432013, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.432056, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.432108, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(2527) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE [2011/10/11 16:43:39.432154, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.432180, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=15 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64004 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:39.432394, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.432892, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.432943, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.432985, 3] smbd/process.c:1661(process_smb) Transaction 7981 of length 158 (0 toread) [2011/10/11 16:43:39.433027, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.433052, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64068 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.433529, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.433773, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.433819, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.433863, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.434312, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.434443, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.434490, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.434537, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.434582, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.434638, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.434691, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.434733, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.434778, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.434822, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.434865, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.434909, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.434950, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.434991, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.435041, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.435083, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Mon Oct 10 16:50:41 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.435220, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.435262, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.435320, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.435345, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64068 smt_wct=10 
smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.435721, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 80 B6 03 ........ .)...... [0010] FB 5B 87 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .[...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... [2011/10/11 16:43:39.436203, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.436252, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.436294, 3] smbd/process.c:1661(process_smb) Transaction 7982 of length 158 (0 toread) [2011/10/11 16:43:39.436336, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.436361, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64132 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.436816, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.437038, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.437084, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.437127, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.437593, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.437723, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.437768, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.437830, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.437874, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.437928, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.437976, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.438018, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.438062, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.438105, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.438148, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.438191, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.438232, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.438273, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.438322, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.438364, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.438406, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.438448, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.438473, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64132 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=29 [2011/10/11 16:43:39.438847, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.439367, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 172 [2011/10/11 16:43:39.439418, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xac [2011/10/11 16:43:39.439460, 3] smbd/process.c:1661(process_smb) Transaction 7983 of length 176 (0 toread) [2011/10/11 16:43:39.439502, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.439527, 5] lib/util.c:341(show_msg) size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64196 smt_wct=15 smb_vwv[ 0]= 104 (0x68) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 104 (0x68) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=107 [2011/10/11 16:43:39.439983, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 3C .n.s.\.P .b.k.\.< [0060] 00 2E 00 50 00 42 00 4B 00 00 00 ...P.B.K ... 
[2011/10/11 16:43:39.440257, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.440303, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.440346, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.440793, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.440922, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.440970, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.441020, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/<.PBK" [2011/10/11 16:43:39.441064, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/<.PBK] [2011/10/11 
16:43:39.441107, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.441155, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk/<.PBK, dirpath = ando/Microsoft/Network/Connections/Pbk, start = <.PBK [2011/10/11 16:43:39.441204, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Network/Connections/Pbk/<.PBK, dirpath = ando/Microsoft/Network/Connections/Pbk, start = <.PBK [2011/10/11 16:43:39.441247, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled <.PBK ? [2011/10/11 16:43:39.441288, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component <.PBK (len 5) ? [2011/10/11 16:43:39.441330, 5] smbd/filename.c:609(unix_convert) Wildcard <.PBK [2011/10/11 16:43:39.441395, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk, mask = <.PBK [2011/10/11 16:43:39.441443, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.441497, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk, expect_close = 1 [2011/10/11 16:43:39.441540, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = <.PBK, attr = 22 [2011/10/11 16:43:39.441582, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.441645, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:39.441694, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:39.441754, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:39.441800, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: 
_hiddenPbk -> 735694E1 -> _W02X9~D (cache=0) [2011/10/11 16:43:39.441846, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.441888, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.441931, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.441999, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(2527) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE [2011/10/11 16:43:39.442046, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.442071, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=15 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64196 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.442286, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.458648, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.458703, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.458746, 3] smbd/process.c:1661(process_smb) Transaction 7984 of length 180 (0 toread) [2011/10/11 16:43:39.458787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.458812, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64260 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.459267, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ 
.\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... [2011/10/11 16:43:39.459528, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.459574, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.459618, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.460088, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.460220, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.460267, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: 
TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.460315, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.460361, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.460418, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.460473, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.460515, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.460560, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.460604, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.460648, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.460692, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.460733, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.460775, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.460835, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.460877, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Thu Oct 6 15:14:30 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.461014, 9] 
smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.461057, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.461099, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.461124, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64260 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.461522, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0010] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... 
[2011/10/11 16:43:39.461924, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.461973, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.462015, 3] smbd/process.c:1661(process_smb) Transaction 7985 of length 180 (0 toread) [2011/10/11 16:43:39.462074, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.462099, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64324 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.462557, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.462817, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.462863, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.462907, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.463358, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.463489, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.463535, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.463581, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.463626, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.463681, 10] 
smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.463731, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.463773, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.463817, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.463875, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.463918, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.463961, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.464002, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.464044, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.464092, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.464135, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.464177, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.464218, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.464243, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64324 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:39.464618, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.465209, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.465258, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.465301, 3] smbd/process.c:1661(process_smb) Transaction 7986 of length 180 (0 toread) [2011/10/11 16:43:39.465342, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.465367, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64388 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.465840, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.466100, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.466145, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.466188, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.466652, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.466780, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.466826, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.466871, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.466916, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.466971, 10] 
smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.467020, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.467062, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.467106, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.467149, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.467192, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.467235, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.467277, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.467318, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.467365, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.467407, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Thu Oct 6 15:14:30 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.467542, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.467584, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.467626, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.467651, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 
smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64388 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.468025, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0010] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... [2011/10/11 16:43:39.468527, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.468578, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.468620, 3] smbd/process.c:1661(process_smb) Transaction 7987 of length 180 (0 toread) [2011/10/11 16:43:39.468662, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.468686, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64452 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.469141, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ 
.\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... [2011/10/11 16:43:39.469418, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.469464, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.469507, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.469954, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.470083, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.470128, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: 
TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.470174, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.470219, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.470273, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.470338, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.470381, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.470425, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.470469, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.470512, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.470555, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.470596, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.470637, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.470686, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.470728, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.470770, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, 
data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.470812, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.470837, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64452 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:39.471213, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.471665, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 208 [2011/10/11 16:43:39.471715, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xd0 [2011/10/11 16:43:39.471757, 3] smbd/process.c:1661(process_smb) Transaction 7988 of length 212 (0 toread) [2011/10/11 16:43:39.471799, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.471824, 5] lib/util.c:341(show_msg) size=208 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64516 smt_wct=15 smb_vwv[ 0]= 140 (0x8C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 140 (0x8C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=143 [2011/10/11 16:43:39.472279, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. 
.......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 5F .n.s.\.P .b.k.\._ [0060] 00 68 00 69 00 64 00 64 00 65 00 6E 00 50 00 62 .h.i.d.d .e.n.P.b [0070] 00 6B 00 5C 00 72 00 61 00 73 00 70 00 68 00 6F .k.\.r.a .s.p.h.o [0080] 00 6E 00 65 00 2E 00 70 00 62 00 6B 00 00 00 .n.e...p .b.k... [2011/10/11 16:43:39.472604, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.472665, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.472709, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.473158, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.473287, 5] smbd/uid.c:317(change_to_user_internal) 
Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.473335, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.473402, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk" [2011/10/11 16:43:39.473448, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK/RASPHONE.PBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk] [2011/10/11 16:43:39.473499, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, mask = rasphone.pbk [2011/10/11 16:43:39.473544, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.473601, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, expect_close = 1 [2011/10/11 16:43:39.473644, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = rasphone.pbk, attr = 22 [2011/10/11 16:43:39.473686, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.473743, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.473789, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.473832, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.473874, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.473916, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.473957, 8] smbd/dosmode.c:672(dos_mode) dos_mode 
returning [2011/10/11 16:43:39.474008, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Oct 6 15:14:30 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.474076, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0xf904, type= 0x3, gen_id = 1068, uid = 0, flags = 0, file_id 803:414005:0, name_hash = 0x95bcfbb3 [2011/10/11 16:43:39.474142, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[rasphone.pbk] found ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk fname=rasphone.pbk (rasphone.pbk) [2011/10/11 16:43:39.474194, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:39.474236, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:39.474281, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.474323, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.474391, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2011/10/11 16:43:39.474435, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2011/10/11 16:43:39.474477, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.474502, 5] lib/util.c:341(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64516 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2011/10/11 
16:43:39.474878, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0020] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0030] E1 29 84 CC 01 00 00 00 00 00 00 00 00 00 00 00 .)...... ........ [0040] 00 00 00 00 00 80 00 00 00 18 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 72 00 61 00 73 ........ ...r.a.s [0070] 00 70 00 68 00 6F 00 6E 00 65 00 2E 00 70 00 62 .p.h.o.n .e...p.b [0080] 00 6B 00 00 00 .k... [2011/10/11 16:43:39.475223, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=rasphone.pbk directory=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk dirtype=22 numentries=1 [2011/10/11 16:43:39.475695, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.475745, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.475787, 3] smbd/process.c:1661(process_smb) Transaction 7989 of length 180 (0 toread) [2011/10/11 16:43:39.475829, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.475854, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64580 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.476309, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ 
.\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... [2011/10/11 16:43:39.476592, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.476639, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.476682, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.477131, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.477261, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.477308, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: 
TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.477354, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.477424, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.477481, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.477532, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.477574, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.477619, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.477662, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.477706, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.477749, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.477790, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.477831, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.477881, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.477922, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Thu Oct 6 15:14:30 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.478059, 9] 
smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.478100, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.478157, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.478183, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64580 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.478559, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0010] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... 
[2011/10/11 16:43:39.479089, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 176 [2011/10/11 16:43:39.479139, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xb0 [2011/10/11 16:43:39.479181, 3] smbd/process.c:1661(process_smb) Transaction 7990 of length 180 (0 toread) [2011/10/11 16:43:39.479223, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.479248, 5] lib/util.c:341(show_msg) size=176 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64644 smt_wct=15 smb_vwv[ 0]= 108 (0x6C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 108 (0x6C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=111 [2011/10/11 16:43:39.479705, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 5C 00 5F 00 68 00 69 00 64 .P.b.k.\ ._.h.i.d [0060] 00 64 00 65 00 6E 00 50 00 62 00 6B 00 00 00 .d.e.n.P .b.k... 
[2011/10/11 16:43:39.479965, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.480010, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.480053, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.480503, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.480633, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.480695, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.480741, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk" [2011/10/11 16:43:39.480786, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk] [2011/10/11 16:43:39.480841, 10] 
smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk/_hiddenPbk hash 0xaf1904a5 [2011/10/11 16:43:39.480889, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.480932, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.480976, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.481020, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.481062, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.481105, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.481147, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.481188, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.481237, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.481280, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.481322, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.481364, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.481409, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64644 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:39.481787, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.482405, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 208 [2011/10/11 16:43:39.482455, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xd0 [2011/10/11 16:43:39.482497, 3] smbd/process.c:1661(process_smb) Transaction 7991 of length 212 (0 toread) [2011/10/11 16:43:39.482539, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.482564, 5] lib/util.c:341(show_msg) size=208 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64708 smt_wct=15 smb_vwv[ 0]= 140 (0x8C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 140 (0x8C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=143 [2011/10/11 16:43:39.483020, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 5F .n.s.\.P .b.k.\._ [0060] 00 68 00 69 00 64 00 64 00 65 00 6E 00 50 00 62 .h.i.d.d .e.n.P.b [0070] 00 6B 00 5C 00 72 00 61 00 73 00 70 00 68 00 6F .k.\.r.a .s.p.h.o [0080] 00 6E 00 65 00 2E 00 70 00 62 00 6B 00 00 00 .n.e...p .b.k... 
[2011/10/11 16:43:39.483363, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.483409, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.483452, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.483900, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.484029, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.484078, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.484127, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk" [2011/10/11 16:43:39.484172, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name 
[ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/_HIDDENPBK/RASPHONE.PBK] -> [ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk] [2011/10/11 16:43:39.484221, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, mask = rasphone.pbk [2011/10/11 16:43:39.484267, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk [2011/10/11 16:43:39.484322, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk/_hiddenPbk, expect_close = 1 [2011/10/11 16:43:39.484365, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = rasphone.pbk, attr = 22 [2011/10/11 16:43:39.484407, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.484462, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.484508, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.484551, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:39.484593, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:39.484650, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.484690, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:39.484741, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Oct 6 15:14:30 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.484808, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0xf904, type= 0x3, gen_id = 1068, uid = 0, flags = 0, file_id 803:414005:0, name_hash = 0x95bcfbb3 [2011/10/11 16:43:39.484857, 3] 
smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[rasphone.pbk] found ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk fname=rasphone.pbk (rasphone.pbk) [2011/10/11 16:43:39.484908, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:39.484950, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:39.484995, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.485037, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.485104, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2011/10/11 16:43:39.485148, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2011/10/11 16:43:39.485190, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.485215, 5] lib/util.c:341(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64708 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2011/10/11 16:43:39.485618, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 00 FF 93 ........ .)...... [0020] E1 29 84 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .)...... .)...... [0030] E1 29 84 CC 01 00 00 00 00 00 00 00 00 00 00 00 .)...... ........ [0040] 00 00 00 00 00 80 00 00 00 18 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0060] 00 00 00 00 00 00 00 00 00 00 00 72 00 61 00 73 ........ ...r.a.s [0070] 00 70 00 68 00 6F 00 6E 00 65 00 2E 00 70 00 62 .p.h.o.n .e...p.b [0080] 00 6B 00 00 00 .k... [2011/10/11 16:43:39.485963, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=rasphone.pbk directory=ando/Microsoft/Network/Connections/Pbk/_hiddenPbk dirtype=22 numentries=1 [2011/10/11 16:43:39.487132, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.487181, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.487224, 3] smbd/process.c:1661(process_smb) Transaction 7992 of length 158 (0 toread) [2011/10/11 16:43:39.487265, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.487290, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64772 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.487765, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.487988, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.488035, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.488078, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.488528, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.488659, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.488706, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.488752, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.488798, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.488854, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.488905, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.488947, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.488992, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.489035, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.489079, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.489122, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.489163, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.489205, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.489263, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.489319, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Mon Oct 10 16:50:41 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.489477, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.489520, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.489561, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.489586, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64772 smt_wct=10 
smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.489959, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 80 B6 03 ........ .)...... [0010] FB 5B 87 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .[...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... [2011/10/11 16:43:39.490469, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.490518, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.490561, 3] smbd/process.c:1661(process_smb) Transaction 7993 of length 158 (0 toread) [2011/10/11 16:43:39.490602, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.490627, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64836 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.491081, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.491303, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.491350, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.491393, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.491858, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.491989, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.492035, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.492081, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.492126, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.492181, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.492231, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.492273, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.492317, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.492361, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.492404, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.492447, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.492489, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.492531, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.492579, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.492622, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.492664, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.492707, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.492732, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64836 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=29 [2011/10/11 16:43:39.493108, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.493667, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 186 [2011/10/11 16:43:39.493720, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xba [2011/10/11 16:43:39.493762, 3] smbd/process.c:1661(process_smb) Transaction 7994 of length 190 (0 toread) [2011/10/11 16:43:39.493805, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.493830, 5] lib/util.c:341(show_msg) size=186 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64900 smt_wct=15 smb_vwv[ 0]= 118 (0x76) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 118 (0x76) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=121 [2011/10/11 16:43:39.494305, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 72 .n.s.\.P .b.k.\.r [0060] 00 61 00 73 00 70 00 68 00 6F 00 6E 00 65 00 2E .a.s.p.h .o.n.e.. [0070] 00 70 00 62 00 6B 00 00 00 .p.b.k.. . 
[2011/10/11 16:43:39.494594, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.494640, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.494684, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.495133, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.495262, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.495312, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.495361, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/rasphone.pbk" [2011/10/11 16:43:39.495406, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/RASPHONE.PBK] 
[2011/10/11 16:43:39.495450, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.495499, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk/rasphone.pbk, dirpath = ando/Microsoft/Network/Connections/Pbk, start = rasphone.pbk [2011/10/11 16:43:39.495551, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Network/Connections/Pbk/rasphone.pbk, dirpath = ando/Microsoft/Network/Connections/Pbk, start = rasphone.pbk [2011/10/11 16:43:39.495594, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled rasphone.pbk ? [2011/10/11 16:43:39.495636, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component rasphone.pbk (len 12) ? [2011/10/11 16:43:39.495683, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled rasphone.pbk ? [2011/10/11 16:43:39.495737, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component rasphone.pbk (len 12) ? [2011/10/11 16:43:39.495824, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled rasphone.pbk ? [2011/10/11 16:43:39.495867, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component rasphone.pbk (len 12) ? 
[2011/10/11 16:43:39.495909, 5] smbd/filename.c:781(unix_convert) New file rasphone.pbk [2011/10/11 16:43:39.495952, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk, mask = rasphone.pbk [2011/10/11 16:43:39.495996, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.496046, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk, expect_close = 1 [2011/10/11 16:43:39.496089, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = rasphone.pbk, attr = 22 [2011/10/11 16:43:39.496131, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.496190, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:39.496234, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:39.496288, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:39.496332, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: _hiddenPbk -> 735694E1 -> _W02X9~D (cache=0) [2011/10/11 16:43:39.496377, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.496420, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.496462, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.496514, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(2527) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE [2011/10/11 16:43:39.496561, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.496586, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=15 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64900 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:39.496801, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.497296, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.497346, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.497408, 3] smbd/process.c:1661(process_smb) Transaction 7995 of length 158 (0 toread) [2011/10/11 16:43:39.497450, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.497475, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64964 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.497933, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.498157, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.498222, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.498267, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.498720, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.498851, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.498898, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:39.498945, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.498991, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.499046, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.499099, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.499141, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:39.499186, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:39.499230, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.499274, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.499317, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.499359, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.499400, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.499450, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:39.499492, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Oct 6 15:14:30 2011 access: Mon Oct 10 16:50:41 2011 write: Thu Oct 6 15:14:30 2011 change: Thu Oct 6 15:14:30 2011 mode: 10 [2011/10/11 16:43:39.499630, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:39.499672, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:39.499714, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.499740, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=64964 smt_wct=10 
smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:39.500131, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FF 93 E1 29 84 CC 01 80 B6 03 ........ .)...... [0010] FB 5B 87 CC 01 00 FF 93 E1 29 84 CC 01 00 FF 93 .[...... .)...... [0020] E1 29 84 CC 01 10 00 00 00 00 00 00 00 .)...... ..... [2011/10/11 16:43:39.500621, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 154 [2011/10/11 16:43:39.500671, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x9a [2011/10/11 16:43:39.500714, 3] smbd/process.c:1661(process_smb) Transaction 7996 of length 158 (0 toread) [2011/10/11 16:43:39.500756, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.500781, 5] lib/util.c:341(show_msg) size=154 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=65028 smt_wct=15 smb_vwv[ 0]= 86 (0x56) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 86 (0x56) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=89 [2011/10/11 16:43:39.501241, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 .o.\.M.i .c.r.o.s [0020] 00 6F 00 66 00 74 00 5C 00 4E 00 65 00 74 00 77 .o.f.t.\ .N.e.t.w [0030] 00 6F 00 72 00 6B 00 5C 00 43 00 6F 00 6E 00 6E .o.r.k.\ .C.o.n.n [0040] 00 65 00 63 00 74 00 69 00 6F 00 6E 00 73 00 5C .e.c.t.i .o.n.s.\ [0050] 00 50 00 62 00 6B 00 00 00 .P.b.k.. . 
[2011/10/11 16:43:39.501484, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.501530, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.501574, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.502025, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.502155, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.502202, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:39.502247, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk" [2011/10/11 16:43:39.502307, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.502362, 10] smbd/files.c:618(file_name_hash) 
file_name_hash: /home/samba/AppData/ando/Microsoft/Network/Connections/Pbk hash 0xa06ade65 [2011/10/11 16:43:39.502411, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:39.502453, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:39.502497, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando/Microsoft/Network/Connections/Pbk (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:39.502541, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.502584, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:39.502626, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.502668, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:39.502709, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:39.502758, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:39.502800, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:39.502843, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:39.502885, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.502909, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=65028 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=29 [2011/10/11 16:43:39.503286, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2011/10/11 16:43:39.503853, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 172 [2011/10/11 16:43:39.503903, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xac [2011/10/11 16:43:39.503945, 3] smbd/process.c:1661(process_smb) Transaction 7997 of length 176 (0 toread) [2011/10/11 16:43:39.503987, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.504012, 5] lib/util.c:341(show_msg) size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=65092 smt_wct=15 smb_vwv[ 0]= 104 (0x68) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 104 (0x68) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=107 [2011/10/11 16:43:39.504469, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 4E .r.o.s.o .f.t.\.N [0030] 00 65 00 74 00 77 00 6F 00 72 00 6B 00 5C 00 43 .e.t.w.o .r.k.\.C [0040] 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 69 00 6F .o.n.n.e .c.t.i.o [0050] 00 6E 00 73 00 5C 00 50 00 62 00 6B 00 5C 00 3C .n.s.\.P .b.k.\.< [0060] 00 2E 00 50 00 42 00 4B 00 00 00 ...P.B.K ... 
[2011/10/11 16:43:39.504743, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:39.504789, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.504833, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.505283, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.505430, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.505480, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:39.505529, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Network/Connections/Pbk/<.PBK" [2011/10/11 16:43:39.505575, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK/<.PBK] [2011/10/11 
16:43:39.505618, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/NETWORK/CONNECTIONS/PBK] -> [ando/Microsoft/Network/Connections/Pbk] [2011/10/11 16:43:39.505667, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Network/Connections/Pbk/<.PBK, dirpath = ando/Microsoft/Network/Connections/Pbk, start = <.PBK [2011/10/11 16:43:39.505716, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Network/Connections/Pbk/<.PBK, dirpath = ando/Microsoft/Network/Connections/Pbk, start = <.PBK [2011/10/11 16:43:39.505760, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled <.PBK ? [2011/10/11 16:43:39.505802, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component <.PBK (len 5) ? [2011/10/11 16:43:39.505845, 5] smbd/filename.c:609(unix_convert) Wildcard <.PBK [2011/10/11 16:43:39.505887, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Network/Connections/Pbk, mask = <.PBK [2011/10/11 16:43:39.505933, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Network/Connections/Pbk [2011/10/11 16:43:39.505987, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Network/Connections/Pbk, expect_close = 1 [2011/10/11 16:43:39.506030, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = <.PBK, attr = 22 [2011/10/11 16:43:39.506073, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:39.506121, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:39.506170, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:39.506245, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:39.506291, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: 
_hiddenPbk -> 735694E1 -> _W02X9~D (cache=0) [2011/10/11 16:43:39.506338, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:39.506381, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:39.506423, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:39.506490, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(2527) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE [2011/10/11 16:43:39.506537, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.506562, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=15 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=560 smb_uid=102 smb_mid=65092 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.506777, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.685312, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.685398, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.685443, 3] smbd/process.c:1661(process_smb) Transaction 7998 of length 45 (0 toread) [2011/10/11 16:43:39.685485, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.685510, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65156 smt_wct=3 smb_vwv[ 0]=18162 (0x46F2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.685776, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.685804, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.685852, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.685896, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 
SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.686352, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.686484, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.686529, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:39.686592, 3] smbd/reply.c:4850(reply_close) close fd=214 fnum=18162 (numopen=63) [2011/10/11 16:43:39.686635, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.686703, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Iview.lnk.svn-base, file_id = 801:c4650:0 gen_id = 723 has kernel oplock state of 1. 
[2011/10/11 16:43:39.686792, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005046 [2011/10/11 16:43:39.686847, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.686889, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.686957, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb09b, type= 0x3, gen_id = 723, uid = 0, flags = 0, file_id 801:c4650:0, name_hash = 0xdc547ba1 [2011/10/11 16:43:39.687009, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdc547ba1 [2011/10/11 16:43:39.687061, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005046 [2011/10/11 16:43:39.687117, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Iview.lnk.svn-base = 0 [2011/10/11 16:43:39.687162, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Iview.lnk.svn-base [2011/10/11 16:43:39.687210, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Iview.lnk.svn-base (numopen=62) NT_STATUS_OK [2011/10/11 16:43:39.687258, 5] smbd/files.c:464(file_free) freed files structure 18162 (174 used) [2011/10/11 16:43:39.687305, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.687330, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65156 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.687549, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.687886, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 35 [2011/10/11 16:43:39.687937, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x23 [2011/10/11 16:43:39.687979, 3] smbd/process.c:1661(process_smb) Transaction 7999 of length 39 (0 toread) [2011/10/11 16:43:39.688021, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.688046, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6 smb_pid=65279 smb_uid=102 smb_mid=65220 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.688263, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.688290, 3] smbd/process.c:1466(switch_message) switch message SMBtdis (pid 8659) conn 0x7fc9b0c808c0 [2011/10/11 16:43:39.688333, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.688375, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:39.688416, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:39.688481, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:39.688525, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/netlogon [2011/10/11 16:43:39.688579, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.688621, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:39.688662, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:39.688723, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:39.688766, 1] smbd/service.c:1291(close_cnum) ts2008 (192.168.68.2) closed connection to service netlogon [2011/10/11 16:43:39.688814, 3] 
smbd/connection.c:35(yield_connection) Yielding connection to netlogon [2011/10/11 16:43:39.688944, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key D3210000FFFFFFFF321B [2011/10/11 16:43:39.688994, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc36a0 [2011/10/11 16:43:39.689056, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key D3210000FFFFFFFF321B [2011/10/11 16:43:39.689171, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/10/11 16:43:39.689216, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.689258, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:39.689298, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:39.689359, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:39.689438, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 784 - private_data=0x7fc9b0c81d30 [2011/10/11 16:43:39.689492, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.689517, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=6 smb_pid=65279 smb_uid=102 smb_mid=65220 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.689732, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.690128, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.690179, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.690222, 3] smbd/process.c:1661(process_smb) Transaction 8000 of length 45 (0 toread) [2011/10/11 16:43:39.690264, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.690288, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65284 
smt_wct=3 smb_vwv[ 0]=18163 (0x46F3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.690553, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.690581, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.690626, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.690670, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.691122, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.691251, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.691295, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:39.691349, 3] smbd/reply.c:4850(reply_close) close fd=215 fnum=18163 (numopen=62) [2011/10/11 16:43:39.691392, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.691475, 10] 
smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Wordpad.lnk.svn-base, file_id = 801:c464e:0 gen_id = 724 has kernel oplock state of 1. [2011/10/11 16:43:39.691537, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004E46 [2011/10/11 16:43:39.691587, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.691630, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.691695, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb127, type= 0x3, gen_id = 724, uid = 0, flags = 0, file_id 801:c464e:0, name_hash = 0x61727665 [2011/10/11 16:43:39.691746, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x61727665 [2011/10/11 16:43:39.691792, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004E46 [2011/10/11 16:43:39.691847, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Wordpad.lnk.svn-base = 0 [2011/10/11 16:43:39.691892, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Wordpad.lnk.svn-base [2011/10/11 16:43:39.691940, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Wordpad.lnk.svn-base (numopen=61) NT_STATUS_OK [2011/10/11 16:43:39.691986, 5] smbd/files.c:464(file_free) freed files structure 18163 (173 used) [2011/10/11 16:43:39.692032, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.692057, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65284 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.692273, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.692624, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 35 [2011/10/11 16:43:39.692674, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x23 [2011/10/11 16:43:39.692716, 3] smbd/process.c:1661(process_smb) Transaction 8001 of length 39 (0 toread) [2011/10/11 16:43:39.692758, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.692783, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=7 smb_pid=65279 smb_uid=102 smb_mid=65348 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.692999, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.693026, 3] smbd/process.c:1466(switch_message) switch message SMBtdis (pid 8659) conn 0x7fc9b0c81940 [2011/10/11 16:43:39.693069, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.693112, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:39.693153, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:39.693218, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:39.693261, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2011/10/11 16:43:39.693313, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.693354, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:39.693437, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:39.693498, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 
16:43:39.693560, 3] smbd/service.c:1291(close_cnum) ts2008 (192.168.68.2) closed connection to service IPC$ [2011/10/11 16:43:39.693607, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2011/10/11 16:43:39.693719, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key D3210000FFFFFFFF321B [2011/10/11 16:43:39.693769, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc36a0 [2011/10/11 16:43:39.693821, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key D3210000FFFFFFFF321B [2011/10/11 16:43:39.693936, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/10/11 16:43:39.693981, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.694023, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:39.694063, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:39.694125, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:39.694179, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.694205, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=7 smb_pid=65279 smb_uid=102 smb_mid=65348 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.694420, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.694826, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.694877, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.694920, 3] smbd/process.c:1661(process_smb) Transaction 8002 of length 45 (0 toread) [2011/10/11 16:43:39.694962, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.694987, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65412 smt_wct=3 
smb_vwv[ 0]=18166 (0x46F6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.695252, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.695279, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.695325, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.695368, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.695814, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.695943, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.695987, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:39.696042, 3] smbd/reply.c:4850(reply_close) close fd=218 fnum=18166 (numopen=61) [2011/10/11 16:43:39.696102, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.696166, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) 
linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/Mijn documenten.mydocs.svn-base, file_id = 801:e0c7a:0 gen_id = 727 has kernel oplock state of 1. [2011/10/11 16:43:39.696228, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000007A0C [2011/10/11 16:43:39.696277, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.696319, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.696384, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb517, type= 0x3, gen_id = 727, uid = 0, flags = 0, file_id 801:e0c7a:0, name_hash = 0xbba04fdf [2011/10/11 16:43:39.696436, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbba04fdf [2011/10/11 16:43:39.696481, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000007A0C [2011/10/11 16:43:39.696536, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Mijn documenten.mydocs.svn-base = 0 [2011/10/11 16:43:39.696581, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Mijn documenten.mydocs.svn-base [2011/10/11 16:43:39.696629, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/text-base/Mijn documenten.mydocs.svn-base (numopen=60) NT_STATUS_OK [2011/10/11 16:43:39.696674, 5] smbd/files.c:464(file_free) freed files structure 18166 (172 used) [2011/10/11 16:43:39.696721, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.696746, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 
smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65412 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.696962, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.697368, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.697437, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.697480, 3] smbd/process.c:1661(process_smb) Transaction 8003 of length 45 (0 toread) [2011/10/11 16:43:39.697521, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.697546, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65476 smt_wct=3 smb_vwv[ 0]=18164 (0x46F4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.697812, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.697839, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.697884, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.697929, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.698391, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.698522, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.698574, 3] smbd/reply.c:4850(reply_close) close fd=216 fnum=18164 (numopen=60) [2011/10/11 16:43:39.698617, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.698676, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base, file_id = 801:c464d:0 gen_id = 725 has kernel oplock state of 1. [2011/10/11 16:43:39.698737, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004D46 [2011/10/11 16:43:39.698785, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bf2830 [2011/10/11 16:43:39.698827, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.698891, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb3f0, type= 0x3, gen_id = 725, uid = 0, flags = 0, file_id 801:c464d:0, name_hash = 0xb49e1966 [2011/10/11 16:43:39.698941, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb49e1966 [2011/10/11 16:43:39.698986, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004D46 [2011/10/11 16:43:39.699040, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base = 0 [2011/10/11 16:43:39.699086, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base [2011/10/11 16:43:39.699133, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base (numopen=59) NT_STATUS_OK [2011/10/11 16:43:39.699178, 5] smbd/files.c:464(file_free) freed files structure 18164 (171 used) [2011/10/11 16:43:39.699225, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.699250, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=65476 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.699466, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.699852, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.699902, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.699945, 3] smbd/process.c:1661(process_smb) Transaction 8004 of length 45 (0 toread) [2011/10/11 16:43:39.699987, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.700012, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=4 smt_wct=3 smb_vwv[ 0]=18165 (0x46F5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.700276, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.700303, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.700365, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.700410, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.700858, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.700990, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.701042, 3] smbd/reply.c:4850(reply_close) close fd=217 fnum=18165 (numopen=59) [2011/10/11 16:43:39.701085, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.701144, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/E-mailontvanger.MAPIMail.svn-base, file_id = 801:c464b:0 gen_id = 726 has kernel oplock state of 1. 
[2011/10/11 16:43:39.701204, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004B46 [2011/10/11 16:43:39.701253, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bf2820 [2011/10/11 16:43:39.701295, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.701360, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb45a, type= 0x3, gen_id = 726, uid = 0, flags = 0, file_id 801:c464b:0, name_hash = 0x55c0386 [2011/10/11 16:43:39.701429, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x55c0386 [2011/10/11 16:43:39.701475, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004B46 [2011/10/11 16:43:39.701529, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/E-mailontvanger.MAPIMail.svn-base = 0 [2011/10/11 16:43:39.701575, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/E-mailontvanger.MAPIMail.svn-base [2011/10/11 16:43:39.701622, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/E-mailontvanger.MAPIMail.svn-base (numopen=58) NT_STATUS_OK [2011/10/11 16:43:39.701667, 5] smbd/files.c:464(file_free) freed files structure 18165 (170 used) [2011/10/11 16:43:39.701714, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.701739, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=4 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.701956, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.702340, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.702407, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.702450, 3] smbd/process.c:1661(process_smb) Transaction 8005 of length 45 (0 toread) [2011/10/11 16:43:39.702492, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.702517, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=68 smt_wct=3 smb_vwv[ 0]=18168 (0x46F8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.702783, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.702811, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.702856, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.702901, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.703347, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.703478, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.703531, 3] smbd/reply.c:4850(reply_close) close fd=220 fnum=18168 (numopen=58) [2011/10/11 16:43:39.703575, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.703635, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/Gecomprimeerde map.ZFSendToTarget.svn-base, file_id = 801:e0c78:0 gen_id = 729 has kernel oplock state of 1. [2011/10/11 16:43:39.703696, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000780C [2011/10/11 16:43:39.703748, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.703791, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.703855, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb684, type= 0x3, gen_id = 729, uid = 0, flags = 0, file_id 801:e0c78:0, name_hash = 0xf1b9fd66 [2011/10/11 16:43:39.703906, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf1b9fd66 [2011/10/11 16:43:39.703956, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000780C [2011/10/11 16:43:39.704010, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Gecomprimeerde map.ZFSendToTarget.svn-base = 0 [2011/10/11 16:43:39.704056, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Gecomprimeerde map.ZFSendToTarget.svn-base [2011/10/11 
16:43:39.704118, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/text-base/Gecomprimeerde map.ZFSendToTarget.svn-base (numopen=57) NT_STATUS_OK [2011/10/11 16:43:39.704164, 5] smbd/files.c:464(file_free) freed files structure 18168 (169 used) [2011/10/11 16:43:39.704212, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.704237, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=68 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.704453, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.704837, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.704887, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.704929, 3] smbd/process.c:1661(process_smb) Transaction 8006 of length 45 (0 toread) [2011/10/11 16:43:39.704972, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.704997, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=132 smt_wct=3 smb_vwv[ 0]=18167 (0x46F7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.705262, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.705289, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.705334, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.705399, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.705847, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.705978, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.706031, 3] smbd/reply.c:4850(reply_close) close fd=219 fnum=18167 (numopen=57) [2011/10/11 16:43:39.706074, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.706134, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/desktop.ini.svn-base, file_id = 801:e0c79:0 gen_id = 728 has kernel oplock state of 1. 
[2011/10/11 16:43:39.706194, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000790C [2011/10/11 16:43:39.706242, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.706284, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.706349, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb54e, type= 0x3, gen_id = 728, uid = 0, flags = 0, file_id 801:e0c79:0, name_hash = 0xe16fd030 [2011/10/11 16:43:39.706417, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe16fd030 [2011/10/11 16:43:39.706463, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000790C [2011/10/11 16:43:39.706518, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/desktop.ini.svn-base = 0 [2011/10/11 16:43:39.706562, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/desktop.ini.svn-base [2011/10/11 16:43:39.706609, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/text-base/desktop.ini.svn-base (numopen=56) NT_STATUS_OK [2011/10/11 16:43:39.706655, 5] smbd/files.c:464(file_free) freed files structure 18167 (168 used) [2011/10/11 16:43:39.706702, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.706728, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=132 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.706944, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.707327, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.707380, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.707422, 3] smbd/process.c:1661(process_smb) Transaction 8007 of length 45 (0 toread) [2011/10/11 16:43:39.707465, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.707490, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=196 smt_wct=3 smb_vwv[ 0]=18169 (0x46F9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.707757, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.707784, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.707829, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.707874, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.708322, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.708454, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.708506, 3] smbd/reply.c:4850(reply_close) close fd=221 fnum=18169 (numopen=56) [2011/10/11 16:43:39.708549, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.708609, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/Kladblok.lnk.svn-base, file_id = 801:e0c77:0 gen_id = 730 has kernel oplock state of 1. [2011/10/11 16:43:39.708687, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000770C [2011/10/11 16:43:39.708736, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.708778, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.708843, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc05b, type= 0x3, gen_id = 730, uid = 0, flags = 0, file_id 801:e0c77:0, name_hash = 0x93cbf08e [2011/10/11 16:43:39.708893, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x93cbf08e [2011/10/11 16:43:39.708939, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000770C [2011/10/11 16:43:39.708994, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Kladblok.lnk.svn-base = 0 [2011/10/11 16:43:39.709039, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Kladblok.lnk.svn-base [2011/10/11 16:43:39.709086, 2] smbd/close.c:691(close_normal_file) ando closed 
file ando.192.168.68.2.v2/SendTo/.svn/text-base/Kladblok.lnk.svn-base (numopen=55) NT_STATUS_OK [2011/10/11 16:43:39.709131, 5] smbd/files.c:464(file_free) freed files structure 18169 (167 used) [2011/10/11 16:43:39.709175, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.709201, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=196 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.709438, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.709829, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.709879, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.709922, 3] smbd/process.c:1661(process_smb) Transaction 8008 of length 45 (0 toread) [2011/10/11 16:43:39.709965, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.709990, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=260 smt_wct=3 smb_vwv[ 0]=18170 (0x46FA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.710256, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.710283, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.710328, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.710372, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: 
S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.710836, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.710968, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.711020, 3] smbd/reply.c:4850(reply_close) close fd=222 fnum=18170 (numopen=55) [2011/10/11 16:43:39.711063, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.711123, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/Iview.lnk.svn-base, file_id = 801:e0c76:0 gen_id = 731 has kernel oplock state of 1. 
[2011/10/11 16:43:39.711184, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000760C [2011/10/11 16:43:39.711232, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.711274, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.711338, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc0e7, type= 0x3, gen_id = 731, uid = 0, flags = 0, file_id 801:e0c76:0, name_hash = 0x56621f47 [2011/10/11 16:43:39.711389, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x56621f47 [2011/10/11 16:43:39.711434, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000760C [2011/10/11 16:43:39.711489, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Iview.lnk.svn-base = 0 [2011/10/11 16:43:39.711533, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Iview.lnk.svn-base [2011/10/11 16:43:39.711580, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/text-base/Iview.lnk.svn-base (numopen=54) NT_STATUS_OK [2011/10/11 16:43:39.711625, 5] smbd/files.c:464(file_free) freed files structure 18170 (166 used) [2011/10/11 16:43:39.711672, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.711697, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=260 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.711912, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.712320, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) 
got smb length of 41 [2011/10/11 16:43:39.712370, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.712412, 3] smbd/process.c:1661(process_smb) Transaction 8009 of length 45 (0 toread) [2011/10/11 16:43:39.712455, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.712480, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=324 smt_wct=3 smb_vwv[ 0]=18172 (0x46FC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.712743, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.712770, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.712816, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.712859, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.713322, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.713475, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.713527, 3] smbd/reply.c:4850(reply_close) close fd=224 fnum=18172 (numopen=54) [2011/10/11 16:43:39.713570, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.713629, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base, file_id = 801:e0c74:0 gen_id = 733 has kernel oplock state of 1. [2011/10/11 16:43:39.713691, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000740C [2011/10/11 16:43:39.713739, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.713781, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.713845, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc3b0, type= 0x3, gen_id = 733, uid = 0, flags = 0, file_id 801:e0c74:0, name_hash = 0x250637e [2011/10/11 16:43:39.713896, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x250637e [2011/10/11 16:43:39.713941, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000740C [2011/10/11 16:43:39.713996, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base = 0 [2011/10/11 16:43:39.714042, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base [2011/10/11 16:43:39.714090, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/text-base/Bureaublad (snelkoppeling maken).DeskLink.svn-base (numopen=53) NT_STATUS_OK [2011/10/11 16:43:39.714135, 5] smbd/files.c:464(file_free) freed files structure 18172 (165 used) [2011/10/11 16:43:39.714184, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.714209, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=324 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.714424, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.714837, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.714888, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.714931, 3] smbd/process.c:1661(process_smb) Transaction 8010 of length 45 (0 toread) [2011/10/11 16:43:39.714973, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.715015, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=388 smt_wct=3 smb_vwv[ 0]=18173 (0x46FD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.715280, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.715307, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.715353, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.715396, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 
9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.715841, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.715971, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.716024, 3] smbd/reply.c:4850(reply_close) close fd=225 fnum=18173 (numopen=53) [2011/10/11 16:43:39.716066, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.716126, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/E-mailontvanger.MAPIMail.svn-base, file_id = 801:e0c65:0 gen_id = 734 has kernel oplock state of 1. 
[2011/10/11 16:43:39.716186, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000650C [2011/10/11 16:43:39.716234, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.716276, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.716340, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc41a, type= 0x3, gen_id = 734, uid = 0, flags = 0, file_id 801:e0c65:0, name_hash = 0x325a772a [2011/10/11 16:43:39.716391, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x325a772a [2011/10/11 16:43:39.716436, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000650C [2011/10/11 16:43:39.716490, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/E-mailontvanger.MAPIMail.svn-base = 0 [2011/10/11 16:43:39.716536, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/E-mailontvanger.MAPIMail.svn-base [2011/10/11 16:43:39.716583, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/text-base/E-mailontvanger.MAPIMail.svn-base (numopen=52) NT_STATUS_OK [2011/10/11 16:43:39.716628, 5] smbd/files.c:464(file_free) freed files structure 18173 (164 used) [2011/10/11 16:43:39.716690, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.716716, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=388 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.716931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.717331, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.717400, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.717444, 3] smbd/process.c:1661(process_smb) Transaction 8011 of length 45 (0 toread) [2011/10/11 16:43:39.717486, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.717511, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=452 smt_wct=3 smb_vwv[ 0]=18171 (0x46FB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.717775, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.717803, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.717848, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.717892, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.718336, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.718467, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.718518, 3] smbd/reply.c:4850(reply_close) close fd=223 fnum=18171 (numopen=52) [2011/10/11 16:43:39.718560, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.718621, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/text-base/Wordpad.lnk.svn-base, file_id = 801:e0c75:0 gen_id = 732 has kernel oplock state of 1. [2011/10/11 16:43:39.718681, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000750C [2011/10/11 16:43:39.718729, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.718771, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.718836, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc317, type= 0x3, gen_id = 732, uid = 0, flags = 0, file_id 801:e0c75:0, name_hash = 0xde800d56 [2011/10/11 16:43:39.718886, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xde800d56 [2011/10/11 16:43:39.718948, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000750C [2011/10/11 16:43:39.719003, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Wordpad.lnk.svn-base = 0 [2011/10/11 16:43:39.719047, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/text-base/Wordpad.lnk.svn-base [2011/10/11 16:43:39.719094, 2] smbd/close.c:691(close_normal_file) ando closed file 
ando.192.168.68.2.v2/SendTo/.svn/text-base/Wordpad.lnk.svn-base (numopen=51) NT_STATUS_OK [2011/10/11 16:43:39.719139, 5] smbd/files.c:464(file_free) freed files structure 18171 (163 used) [2011/10/11 16:43:39.719185, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.719211, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=452 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.719426, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.719844, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.719896, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.719938, 3] smbd/process.c:1661(process_smb) Transaction 8012 of length 45 (0 toread) [2011/10/11 16:43:39.719980, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.720005, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=516 smt_wct=3 smb_vwv[ 0]=18174 (0x46FE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.720269, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.720296, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.720342, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.720386, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: 
S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.720829, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.720959, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.721010, 3] smbd/reply.c:4850(reply_close) close fd=226 fnum=18174 (numopen=51) [2011/10/11 16:43:39.721053, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.721112, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Cookies/index.dat, file_id = 801:944bd:0 gen_id = 735 has kernel oplock state of 1. 
[2011/10/11 16:43:39.721173, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BD44 [2011/10/11 16:43:39.721221, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.721286, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 13:25:40 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.721351, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc484, type= 0x3, gen_id = 735, uid = 0, flags = 0, file_id 801:944bd:0, name_hash = 0x77432171 [2011/10/11 16:43:39.721421, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x77432171 [2011/10/11 16:43:39.721467, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BD44 [2011/10/11 16:43:39.721521, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Cookies/index.dat = 0 [2011/10/11 16:43:39.721566, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Cookies/index.dat [2011/10/11 16:43:39.721614, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Cookies/index.dat (numopen=50) NT_STATUS_OK [2011/10/11 16:43:39.721658, 5] smbd/files.c:464(file_free) freed files structure 18174 (162 used) [2011/10/11 16:43:39.721704, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.721730, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=516 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.721946, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.722354, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.722404, 6] 
smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.722447, 3] smbd/process.c:1661(process_smb) Transaction 8013 of length 45 (0 toread) [2011/10/11 16:43:39.722489, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.722513, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=580 smt_wct=3 smb_vwv[ 0]=18175 (0x46FF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.722777, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.722804, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.722849, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.722893, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.723336, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.723465, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: 
uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.723533, 3] smbd/reply.c:4850(reply_close) close fd=227 fnum=18175 (numopen=50) [2011/10/11 16:43:39.723577, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.723637, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Cookies/.svn/entries, file_id = 801:98508:0 gen_id = 736 has kernel oplock state of 1. [2011/10/11 16:43:39.723696, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000885 [2011/10/11 16:43:39.723744, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.723787, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.723850, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc50e, type= 0x3, gen_id = 736, uid = 0, flags = 0, file_id 801:98508:0, name_hash = 0x3c56af93 [2011/10/11 16:43:39.723900, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3c56af93 [2011/10/11 16:43:39.723945, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000885 [2011/10/11 16:43:39.723999, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Cookies/.svn/entries = 0 [2011/10/11 16:43:39.724043, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Cookies/.svn/entries [2011/10/11 16:43:39.724089, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Cookies/.svn/entries (numopen=49) NT_STATUS_OK [2011/10/11 16:43:39.724133, 5] smbd/files.c:464(file_free) freed files structure 18175 (161 used) 
[2011/10/11 16:43:39.724177, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.724202, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=580 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.724416, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.724823, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.724872, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.724914, 3] smbd/process.c:1661(process_smb) Transaction 8014 of length 45 (0 toread) [2011/10/11 16:43:39.724956, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.724981, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=644 smt_wct=3 smb_vwv[ 0]=18176 (0x4700) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.725244, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.725271, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.725316, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.725359, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 
4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.725838, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.725969, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.726023, 3] smbd/reply.c:4850(reply_close) close fd=228 fnum=18176 (numopen=49) [2011/10/11 16:43:39.726065, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.726125, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Sjablonen/.svn/entries, file_id = 801:944ae:0 gen_id = 737 has kernel oplock state of 1. [2011/10/11 16:43:39.726184, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AE44 [2011/10/11 16:43:39.726232, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.726275, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.726339, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd01b, type= 0x3, gen_id = 737, uid = 0, flags = 0, file_id 801:944ae:0, name_hash = 0xfcb80d16 [2011/10/11 16:43:39.726389, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfcb80d16 [2011/10/11 16:43:39.726434, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AE44 [2011/10/11 16:43:39.726489, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for 
file ando.192.168.68.2.v2/Sjablonen/.svn/entries = 0 [2011/10/11 16:43:39.726533, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Sjablonen/.svn/entries [2011/10/11 16:43:39.726579, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Sjablonen/.svn/entries (numopen=48) NT_STATUS_OK [2011/10/11 16:43:39.726623, 5] smbd/files.c:464(file_free) freed files structure 18176 (160 used) [2011/10/11 16:43:39.726670, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.726695, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=644 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.726909, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.727327, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.727379, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.727421, 3] smbd/process.c:1661(process_smb) Transaction 8015 of length 45 (0 toread) [2011/10/11 16:43:39.727463, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.727488, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=708 smt_wct=3 smb_vwv[ 0]=18177 (0x4701) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.727751, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.727778, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.727824, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.727868, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.728334, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.728465, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.728516, 3] smbd/reply.c:4850(reply_close) close fd=229 fnum=18177 (numopen=48) [2011/10/11 16:43:39.728559, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.728618, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/WINDOWS/system/.svn/entries, file_id = 801:131c57:0 gen_id = 738 has kernel oplock state of 1. 
[2011/10/11 16:43:39.728680, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000571C [2011/10/11 16:43:39.728732, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.728774, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.728839, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd0a7, type= 0x3, gen_id = 738, uid = 0, flags = 0, file_id 801:131c57:0, name_hash = 0xf159368d [2011/10/11 16:43:39.728889, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf159368d [2011/10/11 16:43:39.728938, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000571C [2011/10/11 16:43:39.728993, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/WINDOWS/system/.svn/entries = 0 [2011/10/11 16:43:39.729037, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/WINDOWS/system/.svn/entries [2011/10/11 16:43:39.729083, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/WINDOWS/system/.svn/entries (numopen=47) NT_STATUS_OK [2011/10/11 16:43:39.729128, 5] smbd/files.c:464(file_free) freed files structure 18177 (159 used) [2011/10/11 16:43:39.729174, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.729199, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=708 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.729436, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.729839, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 
16:43:39.729890, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.729932, 3] smbd/process.c:1661(process_smb) Transaction 8016 of length 45 (0 toread) [2011/10/11 16:43:39.729974, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.729999, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=772 smt_wct=3 smb_vwv[ 0]=18178 (0x4702) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.730283, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.730309, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.730356, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.730400, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.730847, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.730978, 5] smbd/uid.c:317(change_to_user_internal) 
Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.731030, 3] smbd/reply.c:4850(reply_close) close fd=230 fnum=18178 (numopen=47) [2011/10/11 16:43:39.731073, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.731134, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/WINDOWS/.svn/entries, file_id = 801:10ca4c:0 gen_id = 739 has kernel oplock state of 1. [2011/10/11 16:43:39.731194, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004CCA [2011/10/11 16:43:39.731243, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.731286, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.731350, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd1b0, type= 0x3, gen_id = 739, uid = 0, flags = 0, file_id 801:10ca4c:0, name_hash = 0x6a37c65c [2011/10/11 16:43:39.731400, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6a37c65c [2011/10/11 16:43:39.731446, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004CCA [2011/10/11 16:43:39.731500, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/WINDOWS/.svn/entries = 0 [2011/10/11 16:43:39.731544, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/WINDOWS/.svn/entries [2011/10/11 16:43:39.731591, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/WINDOWS/.svn/entries (numopen=46) NT_STATUS_OK [2011/10/11 16:43:39.731635, 5] smbd/files.c:464(file_free) freed files structure 
18178 (158 used) [2011/10/11 16:43:39.731680, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.731705, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=772 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.731936, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.732310, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.732359, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.732401, 3] smbd/process.c:1661(process_smb) Transaction 8017 of length 45 (0 toread) [2011/10/11 16:43:39.732443, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.732468, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=836 smt_wct=3 smb_vwv[ 0]=18181 (0x4705) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.732732, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.732758, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.732803, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.732847, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: 
SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.733289, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.733441, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.733493, 3] smbd/reply.c:4850(reply_close) close fd=233 fnum=18181 (numopen=46) [2011/10/11 16:43:39.733536, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.733595, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG2, file_id = 801:105b76:0 gen_id = 742 has kernel oplock state of 1. [2011/10/11 16:43:39.733655, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000765B [2011/10/11 16:43:39.733703, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.733745, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:09:54 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.733809, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd444, type= 0x3, gen_id = 742, uid = 0, flags = 0, file_id 801:105b76:0, name_hash = 0x7278bc84 [2011/10/11 16:43:39.733859, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7278bc84 [2011/10/11 16:43:39.733904, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000765B [2011/10/11 16:43:39.733958, 10] 
locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG2 = 0 [2011/10/11 16:43:39.734021, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG2 [2011/10/11 16:43:39.734071, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG2 (numopen=45) NT_STATUS_OK [2011/10/11 16:43:39.734116, 5] smbd/files.c:464(file_free) freed files structure 18181 (157 used) [2011/10/11 16:43:39.734161, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.734186, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=836 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.734404, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.734814, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.734864, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.734907, 3] smbd/process.c:1661(process_smb) Transaction 8018 of length 45 (0 toread) [2011/10/11 16:43:39.734949, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.734974, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=900 smt_wct=3 smb_vwv[ 0]=18180 (0x4704) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.735241, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.735268, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.735314, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.735359, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.735807, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.735938, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.735988, 3] smbd/reply.c:4850(reply_close) close fd=232 fnum=18180 (numopen=45) [2011/10/11 16:43:39.736031, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.736091, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Internet Explorer/frameiconcache.dat, file_id = 801:d1a6a:0 gen_id = 741 has kernel oplock state of 1. 
[2011/10/11 16:43:39.736151, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006A1A [2011/10/11 16:43:39.736199, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c156f0 [2011/10/11 16:43:39.736241, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 14:18:16 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.736324, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd2d7, type= 0x3, gen_id = 741, uid = 0, flags = 0, file_id 801:d1a6a:0, name_hash = 0x73ad6173 [2011/10/11 16:43:39.736374, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x73ad6173 [2011/10/11 16:43:39.736419, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006A1A [2011/10/11 16:43:39.736474, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Internet Explorer/frameiconcache.dat = 0 [2011/10/11 16:43:39.736519, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Internet Explorer/frameiconcache.dat [2011/10/11 16:43:39.736566, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Internet Explorer/frameiconcache.dat (numopen=44) NT_STATUS_OK [2011/10/11 16:43:39.736612, 5] smbd/files.c:464(file_free) freed files structure 18180 (156 used) [2011/10/11 16:43:39.736658, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.736683, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=900 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.736899, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:39.737282, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.737332, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.737394, 3] smbd/process.c:1661(process_smb) Transaction 8019 of length 45 (0 toread) [2011/10/11 16:43:39.737438, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.737463, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=964 smt_wct=3 smb_vwv[ 0]=18179 (0x4703) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.737728, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.737754, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.737799, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.737843, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.738288, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 
0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.738419, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.738486, 3] smbd/reply.c:4850(reply_close) close fd=231 fnum=18179 (numopen=44) [2011/10/11 16:43:39.738529, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.738589, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/IconCache.db, file_id = 801:f8cab:0 gen_id = 740 has kernel oplock state of 1. [2011/10/11 16:43:39.738648, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB8C [2011/10/11 16:43:39.738696, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.738738, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Oct 10 16:46:54 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.738803, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd21a, type= 0x3, gen_id = 740, uid = 0, flags = 0, file_id 801:f8cab:0, name_hash = 0x7f790d51 [2011/10/11 16:43:39.738853, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7f790d51 [2011/10/11 16:43:39.738898, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB8C [2011/10/11 16:43:39.738952, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/IconCache.db = 0 [2011/10/11 16:43:39.738997, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/IconCache.db [2011/10/11 16:43:39.739043, 2] smbd/close.c:691(close_normal_file) ando closed file 
ando.192.168.68.2.v2/AppData/Local/IconCache.db (numopen=43) NT_STATUS_OK [2011/10/11 16:43:39.739087, 5] smbd/files.c:464(file_free) freed files structure 18179 (155 used) [2011/10/11 16:43:39.739134, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.739159, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=964 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.739374, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.739776, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.739827, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.739869, 3] smbd/process.c:1661(process_smb) Transaction 8020 of length 45 (0 toread) [2011/10/11 16:43:39.739911, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.739936, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1028 smt_wct=3 smb_vwv[ 0]=18182 (0x4706) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.740201, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.740228, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.740273, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.740317, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 
Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.740777, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.740908, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.740958, 3] smbd/reply.c:4850(reply_close) close fd=234 fnum=18182 (numopen=43) [2011/10/11 16:43:39.741001, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.741060, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000002.regtrans-ms, file_id = 801:105b72:0 gen_id = 743 has kernel oplock state of 1. 
[2011/10/11 16:43:39.741121, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000725B [2011/10/11 16:43:39.741169, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3860 [2011/10/11 16:43:39.741211, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 13:59:15 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.741275, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd4ce, type= 0x3, gen_id = 743, uid = 0, flags = 0, file_id 801:105b72:0, name_hash = 0x6a739ae6 [2011/10/11 16:43:39.741325, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6a739ae6 [2011/10/11 16:43:39.741370, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000725B [2011/10/11 16:43:39.741445, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000002.regtrans-ms = 0 [2011/10/11 16:43:39.741491, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000002.regtrans-ms [2011/10/11 16:43:39.741539, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000002.regtrans-ms (numopen=42) NT_STATUS_OK [2011/10/11 16:43:39.741585, 5] smbd/files.c:464(file_free) freed files structure 18182 (154 used) [2011/10/11 16:43:39.741632, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.741657, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 
smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1028 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.741872, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.742263, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.742314, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.742356, 3] smbd/process.c:1661(process_smb) Transaction 8021 of length 45 (0 toread) [2011/10/11 16:43:39.742398, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.742423, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1092 smt_wct=3 smb_vwv[ 0]=18183 (0x4707) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.742706, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.742734, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.742779, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.742823, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege 
Rights (0x 0): [2011/10/11 16:43:39.743267, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.743397, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.743450, 3] smbd/reply.c:4850(reply_close) close fd=235 fnum=18183 (numopen=42) [2011/10/11 16:43:39.743493, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.743553, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000001.regtrans-ms, file_id = 801:105b70:0 gen_id = 744 has kernel oplock state of 1. [2011/10/11 16:43:39.743614, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000705B [2011/10/11 16:43:39.743662, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3860 [2011/10/11 16:43:39.743704, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 13:59:15 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.743768, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xdfdb, type= 0x3, gen_id = 744, uid = 0, flags = 0, file_id 801:105b70:0, name_hash = 0xc55e46a8 [2011/10/11 16:43:39.743818, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc55e46a8 [2011/10/11 16:43:39.743863, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000705B [2011/10/11 16:43:39.743917, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file 
ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000001.regtrans-ms = 0 [2011/10/11 16:43:39.743963, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000001.regtrans-ms [2011/10/11 16:43:39.744011, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TMContainer00000000000000000001.regtrans-ms (numopen=41) NT_STATUS_OK [2011/10/11 16:43:39.744056, 5] smbd/files.c:464(file_free) freed files structure 18183 (153 used) [2011/10/11 16:43:39.744119, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.744145, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1092 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.744358, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.744774, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.744824, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.744866, 3] smbd/process.c:1661(process_smb) Transaction 8022 of length 45 (0 toread) [2011/10/11 16:43:39.744908, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.744933, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1156 smt_wct=3 smb_vwv[ 0]=18184 (0x4708) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.745195, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.745222, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.745267, 4] 
smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.745310, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.745774, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.745904, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.745954, 3] smbd/reply.c:4850(reply_close) close fd=236 fnum=18184 (numopen=41) [2011/10/11 16:43:39.745996, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.746055, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TM.blf, file_id = 801:105b6f:0 gen_id = 745 has kernel oplock state of 1. 
[2011/10/11 16:43:39.746116, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006F5B [2011/10/11 16:43:39.746164, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.746206, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 13:59:15 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.746270, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xe427, type= 0x3, gen_id = 745, uid = 0, flags = 0, file_id 801:105b6f:0, name_hash = 0x394bd3a0 [2011/10/11 16:43:39.746319, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x394bd3a0 [2011/10/11 16:43:39.746382, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006F5B [2011/10/11 16:43:39.746437, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TM.blf = 0 [2011/10/11 16:43:39.746483, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TM.blf [2011/10/11 16:43:39.746530, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat{5c6173e4-f0cc-11e0-99ee-001b21b41f96}.TM.blf (numopen=40) NT_STATUS_OK [2011/10/11 16:43:39.746576, 5] smbd/files.c:464(file_free) freed files structure 18184 (152 used) [2011/10/11 16:43:39.746622, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.746648, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1156 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:39.746862, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.747257, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.747308, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.747350, 3] smbd/process.c:1661(process_smb) Transaction 8023 of length 45 (0 toread) [2011/10/11 16:43:39.747392, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.747417, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1220 smt_wct=3 smb_vwv[ 0]=18185 (0x4709) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.747680, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.747707, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.747752, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.747796, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.748237, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.748367, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.748418, 3] smbd/reply.c:4850(reply_close) close fd=237 fnum=18185 (numopen=40) [2011/10/11 16:43:39.748460, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.748520, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat, file_id = 801:105b75:0 gen_id = 746 has kernel oplock state of 1. [2011/10/11 16:43:39.748595, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000755B [2011/10/11 16:43:39.748643, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.748686, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:33:43 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.748750, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xe530, type= 0x3, gen_id = 746, uid = 0, flags = 0, file_id 801:105b75:0, name_hash = 0xf96e1954 [2011/10/11 16:43:39.748799, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf96e1954 [2011/10/11 16:43:39.748845, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000755B [2011/10/11 16:43:39.748899, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat = 0 [2011/10/11 16:43:39.748944, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat [2011/10/11 16:43:39.748991, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat (numopen=39) NT_STATUS_OK [2011/10/11 16:43:39.749035, 5] smbd/files.c:464(file_free) freed files structure 18185 (151 used) [2011/10/11 16:43:39.749083, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.749109, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1220 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.749324, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.749709, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.749762, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.749804, 3] smbd/process.c:1661(process_smb) Transaction 8024 of length 45 (0 toread) [2011/10/11 16:43:39.749846, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.749871, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1284 smt_wct=3 smb_vwv[ 0]=18186 (0x470A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.750135, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.750162, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.750207, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.750250, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.750693, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.750839, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.750891, 3] smbd/reply.c:4850(reply_close) close fd=238 fnum=18186 (numopen=39) [2011/10/11 16:43:39.750933, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.750993, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG1, file_id = 801:105b74:0 gen_id = 747 has kernel oplock state of 1. 
[2011/10/11 16:43:39.751053, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000745B [2011/10/11 16:43:39.751105, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.751148, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:37:06 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.751212, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xe884, type= 0x3, gen_id = 747, uid = 0, flags = 0, file_id 801:105b74:0, name_hash = 0xa29e015b [2011/10/11 16:43:39.751262, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa29e015b [2011/10/11 16:43:39.751312, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000745B [2011/10/11 16:43:39.751366, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG1 = 0 [2011/10/11 16:43:39.751411, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG1 [2011/10/11 16:43:39.751458, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/UsrClass.dat.LOG1 (numopen=38) NT_STATUS_OK [2011/10/11 16:43:39.751503, 5] smbd/files.c:464(file_free) freed files structure 18186 (150 used) [2011/10/11 16:43:39.751548, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.751573, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1284 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.751786, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.752199, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.752248, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.752290, 3] smbd/process.c:1661(process_smb) Transaction 8025 of length 45 (0 toread) [2011/10/11 16:43:39.752332, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.752357, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1348 smt_wct=3 smb_vwv[ 0]=18187 (0x470B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.752619, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.752646, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.752691, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.752735, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.753196, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.753327, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.753398, 3] smbd/reply.c:4850(reply_close) close fd=239 fnum=18187 (numopen=38) [2011/10/11 16:43:39.753442, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.753501, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Burn/Burn/desktop.ini, file_id = 801:a4c24:0 gen_id = 748 has kernel oplock state of 1. [2011/10/11 16:43:39.753561, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000244C [2011/10/11 16:43:39.753609, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.753652, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.753716, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xe8d7, type= 0x3, gen_id = 748, uid = 0, flags = 0, file_id 801:a4c24:0, name_hash = 0x7057aef1 [2011/10/11 16:43:39.753765, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7057aef1 [2011/10/11 16:43:39.753811, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000244C [2011/10/11 16:43:39.753865, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Burn/Burn/desktop.ini = 0 [2011/10/11 16:43:39.753910, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Burn/Burn/desktop.ini [2011/10/11 16:43:39.753957, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Burn/Burn/desktop.ini (numopen=37) NT_STATUS_OK [2011/10/11 16:43:39.754003, 5] smbd/files.c:464(file_free) freed files structure 18187 (149 used) [2011/10/11 16:43:39.754050, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.754076, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1348 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.754292, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.754727, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.754778, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.754821, 3] smbd/process.c:1661(process_smb) Transaction 8026 of length 45 (0 toread) [2011/10/11 16:43:39.754863, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.754888, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1412 smt_wct=3 smb_vwv[ 0]=18188 (0x470C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.755172, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.755199, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.755244, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.755288, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 
SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.755731, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.755861, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.755912, 3] smbd/reply.c:4850(reply_close) close fd=240 fnum=18188 (numopen=37) [2011/10/11 16:43:39.755954, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.756013, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db, file_id = 801:9c9d6:0 gen_id = 749 has kernel oplock state of 1. 
[2011/10/11 16:43:39.756074, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000D6C9 [2011/10/11 16:43:39.756121, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3840 [2011/10/11 16:43:39.756164, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:33:42 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.756228, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xed99, type= 0x3, gen_id = 749, uid = 0, flags = 0, file_id 801:9c9d6:0, name_hash = 0x355bb149 [2011/10/11 16:43:39.756277, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x355bb149 [2011/10/11 16:43:39.756322, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000D6C9 [2011/10/11 16:43:39.756376, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db = 0 [2011/10/11 16:43:39.756422, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db [2011/10/11 16:43:39.756469, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db (numopen=36) NT_STATUS_OK [2011/10/11 16:43:39.756515, 5] smbd/files.c:464(file_free) freed files structure 18188 (148 used) [2011/10/11 16:43:39.756577, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.756602, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 
smb_uid=102 smb_mid=1412 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.756818, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.757225, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.757274, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.757316, 3] smbd/process.c:1661(process_smb) Transaction 8027 of length 45 (0 toread) [2011/10/11 16:43:39.757358, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.757406, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1476 smt_wct=3 smb_vwv[ 0]=18189 (0x470D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.757671, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.757698, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.757743, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.757786, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.758229, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.758360, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.758410, 3] smbd/reply.c:4850(reply_close) close fd=241 fnum=18189 (numopen=36) [2011/10/11 16:43:39.758452, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.758512, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/cversions.1.db, file_id = 801:9c9d5:0 gen_id = 750 has kernel oplock state of 1. [2011/10/11 16:43:39.758572, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000D5C9 [2011/10/11 16:43:39.758620, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.758662, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 14:52:16 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.758726, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeee6, type= 0x3, gen_id = 750, uid = 0, flags = 0, file_id 801:9c9d5:0, name_hash = 0x94d316ff [2011/10/11 16:43:39.758776, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x94d316ff [2011/10/11 16:43:39.758838, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000D5C9 [2011/10/11 16:43:39.758893, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/cversions.1.db = 0 [2011/10/11 16:43:39.758938, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/cversions.1.db [2011/10/11 16:43:39.758985, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Caches/cversions.1.db (numopen=35) NT_STATUS_OK [2011/10/11 16:43:39.759030, 5] smbd/files.c:464(file_free) freed files structure 18189 (147 used) [2011/10/11 16:43:39.759077, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.759102, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1476 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.759317, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.759738, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.759789, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.759832, 3] smbd/process.c:1661(process_smb) Transaction 8028 of length 45 (0 toread) [2011/10/11 16:43:39.759874, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.759898, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1540 smt_wct=3 smb_vwv[ 0]=18190 (0x470E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.760162, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.760189, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.760234, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.760278, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.760719, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.760849, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.760901, 3] smbd/reply.c:4850(reply_close) close fd=242 fnum=18190 (numopen=35) [2011/10/11 16:43:39.760943, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.761002, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_1024.db, file_id = 801:98695:0 gen_id = 751 has kernel oplock state of 1. 
[2011/10/11 16:43:39.761062, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009586 [2011/10/11 16:43:39.761128, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.761171, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.761235, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x14e, type= 0x3, gen_id = 751, uid = 0, flags = 0, file_id 801:98695:0, name_hash = 0xf430189f [2011/10/11 16:43:39.761285, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf430189f [2011/10/11 16:43:39.761331, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009586 [2011/10/11 16:43:39.761404, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_1024.db = 0 [2011/10/11 16:43:39.761452, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_1024.db [2011/10/11 16:43:39.761499, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_1024.db (numopen=34) NT_STATUS_OK [2011/10/11 16:43:39.761544, 5] smbd/files.c:464(file_free) freed files structure 18190 (146 used) [2011/10/11 16:43:39.761592, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.761618, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1540 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.761835, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.762241, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.762291, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.762334, 3] smbd/process.c:1661(process_smb) Transaction 8029 of length 45 (0 toread) [2011/10/11 16:43:39.762376, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.762401, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1604 smt_wct=3 smb_vwv[ 0]=18192 (0x4710) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.762667, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.762694, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.762740, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.762784, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.763230, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 
10001 Group[ 3]: 10003 [2011/10/11 16:43:39.763378, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.763430, 3] smbd/reply.c:4850(reply_close) close fd=244 fnum=18192 (numopen=34) [2011/10/11 16:43:39.763472, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.763531, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_sr.db, file_id = 801:98693:0 gen_id = 753 has kernel oplock state of 1. [2011/10/11 16:43:39.763591, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009386 [2011/10/11 16:43:39.763643, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.763685, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.763749, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x466, type= 0x3, gen_id = 753, uid = 0, flags = 0, file_id 801:98693:0, name_hash = 0xc635a1fb [2011/10/11 16:43:39.763800, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc635a1fb [2011/10/11 16:43:39.763849, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009386 [2011/10/11 16:43:39.763903, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_sr.db = 0 [2011/10/11 16:43:39.763948, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_sr.db [2011/10/11 16:43:39.763995, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_sr.db (numopen=33) NT_STATUS_OK [2011/10/11 16:43:39.764040, 5] smbd/files.c:464(file_free) freed files structure 18192 (145 used) [2011/10/11 16:43:39.764086, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.764111, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1604 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.764327, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.764731, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.764781, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.764823, 3] smbd/process.c:1661(process_smb) Transaction 8030 of length 45 (0 toread) [2011/10/11 16:43:39.764865, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.764890, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1668 smt_wct=3 smb_vwv[ 0]=18193 (0x4711) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.765155, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.765182, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.765228, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.765271, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.765752, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.765883, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.765935, 3] smbd/reply.c:4850(reply_close) close fd=245 fnum=18193 (numopen=33) [2011/10/11 16:43:39.765978, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.766038, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_32.db, file_id = 801:98692:0 gen_id = 754 has kernel oplock state of 1. 
[2011/10/11 16:43:39.766098, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009286 [2011/10/11 16:43:39.766146, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.766189, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.766253, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x598, type= 0x3, gen_id = 754, uid = 0, flags = 0, file_id 801:98692:0, name_hash = 0x2a3c5ad8 [2011/10/11 16:43:39.766302, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2a3c5ad8 [2011/10/11 16:43:39.766347, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009286 [2011/10/11 16:43:39.766401, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_32.db = 0 [2011/10/11 16:43:39.766446, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_32.db [2011/10/11 16:43:39.766493, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_32.db (numopen=32) NT_STATUS_OK [2011/10/11 16:43:39.766538, 5] smbd/files.c:464(file_free) freed files structure 18193 (144 used) [2011/10/11 16:43:39.766584, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.766610, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1668 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.766826, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.767232, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.767283, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.767325, 3] smbd/process.c:1661(process_smb) Transaction 8031 of length 45 (0 toread) [2011/10/11 16:43:39.767367, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.767392, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1732 smt_wct=3 smb_vwv[ 0]=18191 (0x470F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.767673, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.767701, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.767747, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.767790, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.768232, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.768362, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.768412, 3] smbd/reply.c:4850(reply_close) close fd=243 fnum=18191 (numopen=32) [2011/10/11 16:43:39.768455, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.768514, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_256.db, file_id = 801:98694:0 gen_id = 752 has kernel oplock state of 1. [2011/10/11 16:43:39.768574, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009486 [2011/10/11 16:43:39.768622, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.768664, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.768728, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3e2, type= 0x3, gen_id = 752, uid = 0, flags = 0, file_id 801:98694:0, name_hash = 0xccc72894 [2011/10/11 16:43:39.768778, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xccc72894 [2011/10/11 16:43:39.768823, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009486 [2011/10/11 16:43:39.768877, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_256.db = 0 [2011/10/11 16:43:39.768923, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_256.db [2011/10/11 16:43:39.768970, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_256.db (numopen=31) NT_STATUS_OK [2011/10/11 16:43:39.769015, 5] smbd/files.c:464(file_free) freed files structure 18191 (143 used) [2011/10/11 16:43:39.769062, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.769087, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1732 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.769318, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.769703, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.769754, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.769797, 3] smbd/process.c:1661(process_smb) Transaction 8032 of length 45 (0 toread) [2011/10/11 16:43:39.769839, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.769864, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1796 smt_wct=3 smb_vwv[ 0]=18194 (0x4712) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.770128, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.770154, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.770200, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.770244, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.770729, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.770861, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.770912, 3] smbd/reply.c:4850(reply_close) close fd=246 fnum=18194 (numopen=31) [2011/10/11 16:43:39.770955, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.771016, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_96.db, file_id = 801:98691:0 gen_id = 755 has kernel oplock state of 1. 
[2011/10/11 16:43:39.771078, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009186 [2011/10/11 16:43:39.771127, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.771170, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.771234, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x617, type= 0x3, gen_id = 755, uid = 0, flags = 0, file_id 801:98691:0, name_hash = 0x2612494e [2011/10/11 16:43:39.771285, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2612494e [2011/10/11 16:43:39.771330, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009186 [2011/10/11 16:43:39.771385, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_96.db = 0 [2011/10/11 16:43:39.771449, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_96.db [2011/10/11 16:43:39.771496, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_96.db (numopen=30) NT_STATUS_OK [2011/10/11 16:43:39.771541, 5] smbd/files.c:464(file_free) freed files structure 18194 (142 used) [2011/10/11 16:43:39.771588, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.771613, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1796 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.771826, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.772237, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.772286, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.772328, 3] smbd/process.c:1661(process_smb) Transaction 8033 of length 45 (0 toread) [2011/10/11 16:43:39.772370, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.772394, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1860 smt_wct=3 smb_vwv[ 0]=18195 (0x4713) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.772656, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.772683, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.772728, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.772772, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.773211, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.773342, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.773414, 3] smbd/reply.c:4850(reply_close) close fd=247 fnum=18195 (numopen=30) [2011/10/11 16:43:39.773457, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.773517, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_idx.db, file_id = 801:98690:0 gen_id = 756 has kernel oplock state of 1. [2011/10/11 16:43:39.773578, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009086 [2011/10/11 16:43:39.773626, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.773668, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:10:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.773751, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x70d, type= 0x3, gen_id = 756, uid = 0, flags = 0, file_id 801:98690:0, name_hash = 0x6459569f [2011/10/11 16:43:39.773802, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6459569f [2011/10/11 16:43:39.773847, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009086 [2011/10/11 16:43:39.773901, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_idx.db = 0 [2011/10/11 16:43:39.773946, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_idx.db [2011/10/11 16:43:39.773993, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/thumbcache_idx.db (numopen=29) NT_STATUS_OK [2011/10/11 16:43:39.774038, 5] smbd/files.c:464(file_free) freed files structure 18195 (141 used) [2011/10/11 16:43:39.774085, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.774110, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1860 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.774325, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.774760, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.774811, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.774853, 3] smbd/process.c:1661(process_smb) Transaction 8034 of length 45 (0 toread) [2011/10/11 16:43:39.774895, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.774920, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1924 smt_wct=3 smb_vwv[ 0]=18196 (0x4714) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.775185, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.775212, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.775257, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.775301, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.775746, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.775875, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.775943, 3] smbd/reply.c:4850(reply_close) close fd=248 fnum=18196 (numopen=29) [2011/10/11 16:43:39.775986, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.776045, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog.etl, file_id = 801:98d32:0 gen_id = 757 has kernel oplock state of 1. 
[2011/10/11 16:43:39.776105, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000328D [2011/10/11 16:43:39.776152, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.776195, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:37:18 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.776259, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x863, type= 0x3, gen_id = 757, uid = 0, flags = 0, file_id 801:98d32:0, name_hash = 0x7815faa1 [2011/10/11 16:43:39.776309, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7815faa1 [2011/10/11 16:43:39.776358, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000328D [2011/10/11 16:43:39.776412, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog.etl = 0 [2011/10/11 16:43:39.776458, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog.etl [2011/10/11 16:43:39.776505, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog.etl (numopen=28) NT_STATUS_OK [2011/10/11 16:43:39.776550, 5] smbd/files.c:464(file_free) freed files structure 18196 (140 used) [2011/10/11 16:43:39.776596, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.776621, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1924 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.776835, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:39.777223, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.777272, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.777314, 3] smbd/process.c:1661(process_smb) Transaction 8035 of length 45 (0 toread) [2011/10/11 16:43:39.777356, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.777401, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1988 smt_wct=3 smb_vwv[ 0]=18197 (0x4715) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.777665, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.777691, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.777737, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.777781, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.778239, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.778368, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.778418, 3] smbd/reply.c:4850(reply_close) close fd=249 fnum=18197 (numopen=28) [2011/10/11 16:43:39.778460, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.778519, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog_RunOnce.etl, file_id = 801:98670:0 gen_id = 758 has kernel oplock state of 1. [2011/10/11 16:43:39.778579, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000007086 [2011/10/11 16:43:39.778627, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.778669, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:37:13 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.778733, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x16ce, type= 0x3, gen_id = 758, uid = 0, flags = 0, file_id 801:98670:0, name_hash = 0x37c0783d [2011/10/11 16:43:39.778783, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x37c0783d [2011/10/11 16:43:39.778828, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000007086 [2011/10/11 16:43:39.778882, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog_RunOnce.etl = 0 [2011/10/11 16:43:39.778928, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog_RunOnce.etl [2011/10/11 16:43:39.778975, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Explorer/ExplorerStartupLog_RunOnce.etl (numopen=27) NT_STATUS_OK [2011/10/11 16:43:39.779020, 5] smbd/files.c:464(file_free) freed files structure 18197 (139 used) [2011/10/11 16:43:39.779066, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.779091, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=1988 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.779305, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.779676, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.779727, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.779769, 3] smbd/process.c:1661(process_smb) Transaction 8036 of length 45 (0 toread) [2011/10/11 16:43:39.779811, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.779836, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2052 smt_wct=3 smb_vwv[ 0]=18198 (0x4716) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.780115, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.780142, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.780187, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.780231, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.780675, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.780806, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.780855, 3] smbd/reply.c:4850(reply_close) close fd=250 fnum=18198 (numopen=27) [2011/10/11 16:43:39.780897, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.780956, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/desktop.ini, file_id = 801:d1a10:0 gen_id = 759 has kernel oplock state of 1. 
[2011/10/11 16:43:39.781015, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000101A [2011/10/11 16:43:39.781063, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.781106, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.781170, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1be6, type= 0x3, gen_id = 759, uid = 0, flags = 0, file_id 801:d1a10:0, name_hash = 0x9452d613 [2011/10/11 16:43:39.781219, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9452d613 [2011/10/11 16:43:39.781264, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000101A [2011/10/11 16:43:39.781318, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/desktop.ini = 0 [2011/10/11 16:43:39.781363, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/desktop.ini [2011/10/11 16:43:39.781432, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/desktop.ini (numopen=26) NT_STATUS_OK [2011/10/11 16:43:39.781477, 5] smbd/files.c:464(file_free) freed files structure 18198 (138 used) [2011/10/11 16:43:39.781526, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.781551, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2052 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.781782, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.782187, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.782238, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.782280, 3] smbd/process.c:1661(process_smb) Transaction 8037 of length 45 (0 toread) [2011/10/11 16:43:39.782322, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.782347, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2116 smt_wct=3 smb_vwv[ 0]=18199 (0x4717) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.782609, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.782636, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.782681, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.782725, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.783165, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:39.783294, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.783344, 3] smbd/reply.c:4850(reply_close) close fd=251 fnum=18199 (numopen=26) [2011/10/11 16:43:39.783387, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.783448, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/desktop.ini, file_id = 801:d5230:0 gen_id = 760 has kernel oplock state of 1. [2011/10/11 16:43:39.783508, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003052 [2011/10/11 16:43:39.783556, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.783599, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.783663, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1cd8, type= 0x3, gen_id = 760, uid = 0, flags = 0, file_id 801:d5230:0, name_hash = 0x62db161 [2011/10/11 16:43:39.783713, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x62db161 [2011/10/11 16:43:39.783758, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003052 [2011/10/11 16:43:39.783812, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/desktop.ini = 0 [2011/10/11 16:43:39.783874, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/desktop.ini [2011/10/11 
16:43:39.783922, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/desktop.ini (numopen=25) NT_STATUS_OK [2011/10/11 16:43:39.783967, 5] smbd/files.c:464(file_free) freed files structure 18199 (137 used) [2011/10/11 16:43:39.784011, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.784037, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2116 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.784251, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.784667, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.784716, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.784758, 3] smbd/process.c:1661(process_smb) Transaction 8038 of length 45 (0 toread) [2011/10/11 16:43:39.784800, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.784824, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2180 smt_wct=3 smb_vwv[ 0]=18200 (0x4718) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.785087, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.785113, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.785158, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.785202, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.785662, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.785794, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.785843, 3] smbd/reply.c:4850(reply_close) close fd=252 fnum=18200 (numopen=25) [2011/10/11 16:43:39.785885, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.785944, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/index.dat, file_id = 801:944b9:0 gen_id = 761 has kernel oplock state of 1. 
[2011/10/11 16:43:39.786004, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B944 [2011/10/11 16:43:39.786053, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.786094, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 13:25:40 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.786180, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1d0a, type= 0x3, gen_id = 761, uid = 0, flags = 0, file_id 801:944b9:0, name_hash = 0x408a0950 [2011/10/11 16:43:39.786230, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x408a0950 [2011/10/11 16:43:39.786276, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B944 [2011/10/11 16:43:39.786329, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/index.dat = 0 [2011/10/11 16:43:39.786375, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/index.dat [2011/10/11 16:43:39.786422, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/History/History.IE5/index.dat (numopen=24) NT_STATUS_OK [2011/10/11 16:43:39.786467, 5] smbd/files.c:464(file_free) freed files structure 18200 (136 used) [2011/10/11 16:43:39.786514, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.786539, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2180 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.786754, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:39.787169, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.787220, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.787263, 3] smbd/process.c:1661(process_smb) Transaction 8039 of length 45 (0 toread) [2011/10/11 16:43:39.787305, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.787330, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2244 smt_wct=3 smb_vwv[ 0]=18201 (0x4719) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.787593, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.787620, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.787666, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.787709, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.788152, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.788282, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.788333, 3] smbd/reply.c:4850(reply_close) close fd=253 fnum=18201 (numopen=24) [2011/10/11 16:43:39.788393, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.788453, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/desktop.ini, file_id = 801:2392ce:0 gen_id = 762 has kernel oplock state of 1. [2011/10/11 16:43:39.788513, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CE92 [2011/10/11 16:43:39.788561, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.788603, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.788667, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1d57, type= 0x3, gen_id = 762, uid = 0, flags = 0, file_id 801:2392ce:0, name_hash = 0x90a0e1d6 [2011/10/11 16:43:39.788717, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x90a0e1d6 [2011/10/11 16:43:39.788762, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CE92 [2011/10/11 16:43:39.788816, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/desktop.ini = 0 [2011/10/11 16:43:39.788861, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet 
Files/desktop.ini [2011/10/11 16:43:39.788908, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/desktop.ini (numopen=23) NT_STATUS_OK [2011/10/11 16:43:39.788953, 5] smbd/files.c:464(file_free) freed files structure 18201 (135 used) [2011/10/11 16:43:39.789001, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.789026, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2244 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.789240, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.789638, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.789689, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.789731, 3] smbd/process.c:1661(process_smb) Transaction 8040 of length 45 (0 toread) [2011/10/11 16:43:39.789773, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.789798, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2308 smt_wct=3 smb_vwv[ 0]=18202 (0x471A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.790061, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.790087, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.790133, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.790176, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 
SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.790636, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.790766, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.790816, 3] smbd/reply.c:4850(reply_close) close fd=254 fnum=18202 (numopen=23) [2011/10/11 16:43:39.790858, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.790917, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/desktop.ini, file_id = 801:23d42b:0 gen_id = 763 has kernel oplock state of 1. 
[2011/10/11 16:43:39.790978, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000002BD4 [2011/10/11 16:43:39.791027, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.791069, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.791134, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1e4d, type= 0x3, gen_id = 763, uid = 0, flags = 0, file_id 801:23d42b:0, name_hash = 0x8f4f370d [2011/10/11 16:43:39.791184, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8f4f370d [2011/10/11 16:43:39.791229, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000002BD4 [2011/10/11 16:43:39.791283, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/desktop.ini = 0 [2011/10/11 16:43:39.791329, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/desktop.ini [2011/10/11 16:43:39.791377, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/desktop.ini (numopen=22) NT_STATUS_OK [2011/10/11 16:43:39.791422, 5] smbd/files.c:464(file_free) freed files structure 18202 (134 used) [2011/10/11 16:43:39.791469, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.791494, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2308 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.791709, 
10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.792125, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.792174, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.792216, 3] smbd/process.c:1661(process_smb) Transaction 8041 of length 45 (0 toread) [2011/10/11 16:43:39.792258, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.792283, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2372 smt_wct=3 smb_vwv[ 0]=18203 (0x471B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.792548, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.792591, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.792637, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.792680, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.793123, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and 
contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.793253, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.793302, 3] smbd/reply.c:4850(reply_close) close fd=255 fnum=18203 (numopen=22) [2011/10/11 16:43:39.793344, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.793424, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/index.dat, file_id = 801:13d188:0 gen_id = 764 has kernel oplock state of 1. [2011/10/11 16:43:39.793484, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000088D1 [2011/10/11 16:43:39.793532, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.793574, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 13:25:40 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.793639, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1fe3, type= 0x3, gen_id = 764, uid = 0, flags = 0, file_id 801:13d188:0, name_hash = 0x830eb7e1 [2011/10/11 16:43:39.793689, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x830eb7e1 [2011/10/11 16:43:39.793734, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000088D1 [2011/10/11 16:43:39.793788, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/index.dat = 0 [2011/10/11 16:43:39.793833, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for 
file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/index.dat [2011/10/11 16:43:39.793881, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/index.dat (numopen=21) NT_STATUS_OK [2011/10/11 16:43:39.793926, 5] smbd/files.c:464(file_free) freed files structure 18203 (133 used) [2011/10/11 16:43:39.793972, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.793998, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2372 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.794226, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.794632, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.794683, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.794725, 3] smbd/process.c:1661(process_smb) Transaction 8042 of length 45 (0 toread) [2011/10/11 16:43:39.794767, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.794792, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2436 smt_wct=3 smb_vwv[ 0]=18204 (0x471C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.795056, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.795082, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.795128, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.795171, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.795613, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.795743, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.795796, 3] smbd/reply.c:4850(reply_close) close fd=256 fnum=18204 (numopen=21) [2011/10/11 16:43:39.795838, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.795898, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/favicon[1].ico, file_id = 801:cc81f:0 gen_id = 765 has kernel oplock state of 1. 
[2011/10/11 16:43:39.795958, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000001FC8 [2011/10/11 16:43:39.796006, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3840 [2011/10/11 16:43:39.796048, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 14:18:15 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.796112, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2a0e, type= 0x3, gen_id = 765, uid = 0, flags = 0, file_id 801:cc81f:0, name_hash = 0xb75de809 [2011/10/11 16:43:39.796162, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb75de809 [2011/10/11 16:43:39.796207, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000001FC8 [2011/10/11 16:43:39.796262, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/favicon[1].ico = 0 [2011/10/11 16:43:39.796326, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/favicon[1].ico [2011/10/11 16:43:39.796374, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/favicon[1].ico (numopen=20) NT_STATUS_OK [2011/10/11 16:43:39.796420, 5] smbd/files.c:464(file_free) freed files structure 18204 (132 used) [2011/10/11 16:43:39.796466, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.796491, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2436 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:39.796704, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.797073, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.797122, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.797164, 3] smbd/process.c:1661(process_smb) Transaction 8043 of length 45 (0 toread) [2011/10/11 16:43:39.797206, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.797231, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2500 smt_wct=3 smb_vwv[ 0]=18205 (0x471D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.797516, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.797543, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.797588, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.797631, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.798076, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.798205, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.798255, 3] smbd/reply.c:4850(reply_close) close fd=257 fnum=18205 (numopen=20) [2011/10/11 16:43:39.798297, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.798357, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/desktop.ini, file_id = 801:cdda7:0 gen_id = 766 has kernel oplock state of 1. [2011/10/11 16:43:39.798418, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A7DD [2011/10/11 16:43:39.798465, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.798524, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.798588, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2ba6, type= 0x3, gen_id = 766, uid = 0, flags = 0, file_id 801:cdda7:0, name_hash = 0x459e1be6 [2011/10/11 16:43:39.798639, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x459e1be6 [2011/10/11 16:43:39.798688, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A7DD [2011/10/11 16:43:39.798742, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/desktop.ini = 0 [2011/10/11 16:43:39.798787, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/desktop.ini [2011/10/11 16:43:39.798835, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/DLQ9Q4GK/desktop.ini (numopen=19) NT_STATUS_OK [2011/10/11 16:43:39.798880, 5] smbd/files.c:464(file_free) freed files structure 18205 (131 used) [2011/10/11 16:43:39.798926, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.798951, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2500 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.799165, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.799522, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.799572, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.799615, 3] smbd/process.c:1661(process_smb) Transaction 8044 of length 45 (0 toread) [2011/10/11 16:43:39.799656, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.799681, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2564 smt_wct=3 smb_vwv[ 0]=18206 (0x471E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.799943, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.799970, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.800015, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.800058, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.800500, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.800646, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.800697, 3] smbd/reply.c:4850(reply_close) close fd=258 fnum=18206 (numopen=19) [2011/10/11 16:43:39.800740, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.800799, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/EVYQ8Y22/desktop.ini, file_id = 801:148b54:0 gen_id = 767 has kernel oplock state of 1. 
[2011/10/11 16:43:39.800859, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000548B [2011/10/11 16:43:39.800907, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.800949, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.801013, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c98, type= 0x3, gen_id = 767, uid = 0, flags = 0, file_id 801:148b54:0, name_hash = 0xe264c4be [2011/10/11 16:43:39.801063, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe264c4be [2011/10/11 16:43:39.801108, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000548B [2011/10/11 16:43:39.801162, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/EVYQ8Y22/desktop.ini = 0 [2011/10/11 16:43:39.801208, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/EVYQ8Y22/desktop.ini [2011/10/11 16:43:39.801255, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/EVYQ8Y22/desktop.ini (numopen=18) NT_STATUS_OK [2011/10/11 16:43:39.801301, 5] smbd/files.c:464(file_free) freed files structure 18206 (130 used) [2011/10/11 16:43:39.801347, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.801372, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2564 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:39.801608, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.802011, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.802062, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.802105, 3] smbd/process.c:1661(process_smb) Transaction 8045 of length 45 (0 toread) [2011/10/11 16:43:39.802146, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.802171, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2628 smt_wct=3 smb_vwv[ 0]=18207 (0x471F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.802435, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.802462, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.802508, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.802551, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.803011, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.803141, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.803191, 3] smbd/reply.c:4850(reply_close) close fd=259 fnum=18207 (numopen=18) [2011/10/11 16:43:39.803233, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.803292, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OBP1RFI7/desktop.ini, file_id = 801:c4655:0 gen_id = 768 has kernel oplock state of 1. [2011/10/11 16:43:39.803352, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005546 [2011/10/11 16:43:39.803399, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.803441, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.803505, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2cd7, type= 0x3, gen_id = 768, uid = 0, flags = 0, file_id 801:c4655:0, name_hash = 0x5b00667d [2011/10/11 16:43:39.803555, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5b00667d [2011/10/11 16:43:39.803600, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005546 [2011/10/11 16:43:39.803654, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OBP1RFI7/desktop.ini = 0 [2011/10/11 16:43:39.803700, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OBP1RFI7/desktop.ini [2011/10/11 16:43:39.803748, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OBP1RFI7/desktop.ini (numopen=17) NT_STATUS_OK [2011/10/11 16:43:39.803793, 5] smbd/files.c:464(file_free) freed files structure 18207 (129 used) [2011/10/11 16:43:39.803841, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.803866, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2628 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.804080, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.804484, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.804533, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.804576, 3] smbd/process.c:1661(process_smb) Transaction 8046 of length 45 (0 toread) [2011/10/11 16:43:39.804634, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.804659, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2692 smt_wct=3 smb_vwv[ 0]=18208 (0x4720) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.804921, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.804948, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.804993, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.805036, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.805496, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.805626, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.805675, 3] smbd/reply.c:4850(reply_close) close fd=260 fnum=18208 (numopen=17) [2011/10/11 16:43:39.805717, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.805775, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QEZOGLLK/desktop.ini, file_id = 801:140bef:0 gen_id = 769 has kernel oplock state of 1. 
[2011/10/11 16:43:39.805835, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000EF0B [2011/10/11 16:43:39.805883, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3830 [2011/10/11 16:43:39.805925, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:11:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.805989, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2d0a, type= 0x3, gen_id = 769, uid = 0, flags = 0, file_id 801:140bef:0, name_hash = 0xa82f5189 [2011/10/11 16:43:39.806038, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa82f5189 [2011/10/11 16:43:39.806083, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000EF0B [2011/10/11 16:43:39.806136, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QEZOGLLK/desktop.ini = 0 [2011/10/11 16:43:39.806182, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QEZOGLLK/desktop.ini [2011/10/11 16:43:39.806229, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QEZOGLLK/desktop.ini (numopen=16) NT_STATUS_OK [2011/10/11 16:43:39.806289, 5] smbd/files.c:464(file_free) freed files structure 18208 (128 used) [2011/10/11 16:43:39.806336, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.806362, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2692 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:39.806576, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.806974, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.807024, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.807067, 3] smbd/process.c:1661(process_smb) Transaction 8047 of length 45 (0 toread) [2011/10/11 16:43:39.807109, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.807133, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2756 smt_wct=3 smb_vwv[ 0]=18209 (0x4721) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.807397, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.807423, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.807468, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.807512, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.807953, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.808082, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.808132, 3] smbd/reply.c:4850(reply_close) close fd=261 fnum=18209 (numopen=16) [2011/10/11 16:43:39.808175, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.808233, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/AppData/LocalLow/Microsoft/Internet Explorer/Services/search_{A89B8645-BFC3-43CA-9EF3-2EA4ED434FF3}.ico, file_id = 801:1a0e13:0 gen_id = 770 has kernel oplock state of 1. [2011/10/11 16:43:39.808294, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000130E [2011/10/11 16:43:39.808341, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3840 [2011/10/11 16:43:39.808383, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 14:18:15 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.808448, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2e0d, type= 0x3, gen_id = 770, uid = 0, flags = 0, file_id 801:1a0e13:0, name_hash = 0x591e777b [2011/10/11 16:43:39.808514, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x591e777b [2011/10/11 16:43:39.808560, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000130E [2011/10/11 16:43:39.808614, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/AppData/LocalLow/Microsoft/Internet Explorer/Services/search_{A89B8645-BFC3-43CA-9EF3-2EA4ED434FF3}.ico = 0 [2011/10/11 16:43:39.808660, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/AppData/LocalLow/Microsoft/Internet Explorer/Services/search_{A89B8645-BFC3-43CA-9EF3-2EA4ED434FF3}.ico [2011/10/11 16:43:39.808707, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/AppData/LocalLow/Microsoft/Internet Explorer/Services/search_{A89B8645-BFC3-43CA-9EF3-2EA4ED434FF3}.ico (numopen=15) NT_STATUS_OK [2011/10/11 16:43:39.808753, 5] smbd/files.c:464(file_free) freed files structure 18209 (127 used) [2011/10/11 16:43:39.808799, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.808824, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2756 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.809039, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.809427, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.809477, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.809519, 3] smbd/process.c:1661(process_smb) Transaction 8048 of length 45 (0 toread) [2011/10/11 16:43:39.809561, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.809586, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2820 smt_wct=3 smb_vwv[ 0]=18210 (0x4722) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.809851, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.809877, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.809922, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.809966, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.810408, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.810539, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.810588, 3] smbd/reply.c:4850(reply_close) close fd=262 fnum=18210 (numopen=15) [2011/10/11 16:43:39.810630, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.810707, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/1b4dd67f29cb1962.customDestinations-ms, file_id = 801:1e9092:0 gen_id = 771 has kernel oplock state of 1. 
[2011/10/11 16:43:39.810767, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009290 [2011/10/11 16:43:39.810814, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.810856, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:37:13 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.810920, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2fa3, type= 0x3, gen_id = 771, uid = 0, flags = 0, file_id 801:1e9092:0, name_hash = 0x65092957 [2011/10/11 16:43:39.810969, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x65092957 [2011/10/11 16:43:39.811014, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009290 [2011/10/11 16:43:39.811068, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/1b4dd67f29cb1962.customDestinations-ms = 0 [2011/10/11 16:43:39.811113, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/1b4dd67f29cb1962.customDestinations-ms [2011/10/11 16:43:39.811160, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/1b4dd67f29cb1962.customDestinations-ms (numopen=14) NT_STATUS_OK [2011/10/11 16:43:39.811205, 5] smbd/files.c:464(file_free) freed files structure 18210 (126 used) [2011/10/11 16:43:39.811252, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.811277, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2820 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.811491, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.811891, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.811941, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.811983, 3] smbd/process.c:1661(process_smb) Transaction 8049 of length 45 (0 toread) [2011/10/11 16:43:39.812025, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.812050, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2884 smt_wct=3 smb_vwv[ 0]=18211 (0x4723) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.812311, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.812338, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.812383, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.812426, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.812882, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.813012, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.813061, 3] smbd/reply.c:4850(reply_close) close fd=263 fnum=18211 (numopen=14) [2011/10/11 16:43:39.813103, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.813162, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/7e4dca80246863e3.customDestinations-ms, file_id = 801:1e908c:0 gen_id = 772 has kernel oplock state of 1. [2011/10/11 16:43:39.813222, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008C90 [2011/10/11 16:43:39.813270, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.813312, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:37:13 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.813395, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x39ce, type= 0x3, gen_id = 772, uid = 0, flags = 0, file_id 801:1e908c:0, name_hash = 0xff9e1b08 [2011/10/11 16:43:39.813447, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xff9e1b08 [2011/10/11 16:43:39.813492, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008C90 [2011/10/11 16:43:39.813546, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/7e4dca80246863e3.customDestinations-ms = 0 [2011/10/11 16:43:39.813591, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/7e4dca80246863e3.customDestinations-ms [2011/10/11 16:43:39.813638, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Onlangs geopend/CustomDestinations/7e4dca80246863e3.customDestinations-ms (numopen=13) NT_STATUS_OK [2011/10/11 16:43:39.813683, 5] smbd/files.c:464(file_free) freed files structure 18211 (125 used) [2011/10/11 16:43:39.813729, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.813755, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2884 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.813968, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.814372, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.814423, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.814465, 3] smbd/process.c:1661(process_smb) Transaction 8050 of length 45 (0 toread) [2011/10/11 16:43:39.814506, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.814531, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2948 smt_wct=3 smb_vwv[ 0]=18212 (0x4724) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.814793, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.814820, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.814882, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.814927, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.815368, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.815497, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.815546, 3] smbd/reply.c:4850(reply_close) close fd=264 fnum=18212 (numopen=13) [2011/10/11 16:43:39.815589, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.815648, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Onlangs geopend/.svn/entries, file_id = 801:229184:0 gen_id = 773 has kernel oplock state of 1. 
[2011/10/11 16:43:39.815709, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008491 [2011/10/11 16:43:39.815757, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.815799, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.815864, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3b66, type= 0x3, gen_id = 773, uid = 0, flags = 0, file_id 801:229184:0, name_hash = 0xef236280 [2011/10/11 16:43:39.815913, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xef236280 [2011/10/11 16:43:39.815959, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008491 [2011/10/11 16:43:39.816012, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Onlangs geopend/.svn/entries = 0 [2011/10/11 16:43:39.816056, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Onlangs geopend/.svn/entries [2011/10/11 16:43:39.816102, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Onlangs geopend/.svn/entries (numopen=12) NT_STATUS_OK [2011/10/11 16:43:39.816147, 5] smbd/files.c:464(file_free) freed files structure 18212 (124 used) [2011/10/11 16:43:39.816193, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.816218, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=2948 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.816432, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.816870, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 
[2011/10/11 16:43:39.816918, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.816979, 3] smbd/process.c:1661(process_smb) Transaction 8051 of length 45 (0 toread) [2011/10/11 16:43:39.817021, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.817046, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3012 smt_wct=3 smb_vwv[ 0]=18213 (0x4725) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.817308, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.817335, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.817400, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.817444, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.817887, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.818017, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.818066, 3] smbd/reply.c:4850(reply_close) close fd=265 fnum=18213 (numopen=12) [2011/10/11 16:43:39.818109, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.818168, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Start Menu/Programma's/Opstarten/desktop.ini, file_id = 801:241921:0 gen_id = 774 has kernel oplock state of 1. [2011/10/11 16:43:39.818228, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000002119 [2011/10/11 16:43:39.818275, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3810 [2011/10/11 16:43:39.818317, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 12:09:55 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.818381, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c58, type= 0x3, gen_id = 774, uid = 0, flags = 0, file_id 801:241921:0, name_hash = 0xd616d56f [2011/10/11 16:43:39.818432, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd616d56f [2011/10/11 16:43:39.818476, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000002119 [2011/10/11 16:43:39.818531, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Start Menu/Programma's/Opstarten/desktop.ini = 0 [2011/10/11 16:43:39.818576, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Start Menu/Programma's/Opstarten/desktop.ini [2011/10/11 16:43:39.818622, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Start 
Menu/Programma's/Opstarten/desktop.ini (numopen=11) NT_STATUS_OK [2011/10/11 16:43:39.818682, 5] smbd/files.c:464(file_free) freed files structure 18213 (123 used) [2011/10/11 16:43:39.818730, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.818755, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3012 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.818970, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.819363, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.819415, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.819457, 3] smbd/process.c:1661(process_smb) Transaction 8052 of length 45 (0 toread) [2011/10/11 16:43:39.819499, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.819524, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3076 smt_wct=3 smb_vwv[ 0]=18214 (0x4726) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.819786, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.819813, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.819858, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.819902, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x 
FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.820342, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.820472, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.820521, 3] smbd/reply.c:4850(reply_close) close fd=266 fnum=18214 (numopen=11) [2011/10/11 16:43:39.820563, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.820622, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Start Menu/Programma's/Kladblok.lnk, file_id = 801:1f8fc7:0 gen_id = 775 has kernel oplock state of 1. 
[2011/10/11 16:43:39.820682, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C78F [2011/10/11 16:43:39.820734, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.820776, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.820839, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c97, type= 0x3, gen_id = 775, uid = 0, flags = 0, file_id 801:1f8fc7:0, name_hash = 0x9ab679a9 [2011/10/11 16:43:39.820906, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9ab679a9 [2011/10/11 16:43:39.820956, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C78F [2011/10/11 16:43:39.821009, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Start Menu/Programma's/Kladblok.lnk = 0 [2011/10/11 16:43:39.821054, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Start Menu/Programma's/Kladblok.lnk [2011/10/11 16:43:39.821100, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Start Menu/Programma's/Kladblok.lnk (numopen=10) NT_STATUS_OK [2011/10/11 16:43:39.821144, 5] smbd/files.c:464(file_free) freed files structure 18214 (122 used) [2011/10/11 16:43:39.821190, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.821215, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3076 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.821450, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.821856, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb 
length of 41 [2011/10/11 16:43:39.821906, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.821948, 3] smbd/process.c:1661(process_smb) Transaction 8053 of length 45 (0 toread) [2011/10/11 16:43:39.821990, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.822015, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3140 smt_wct=3 smb_vwv[ 0]=18215 (0x4727) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.822278, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.822304, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.822350, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.822393, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.822832, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.822961, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.823012, 3] smbd/reply.c:4850(reply_close) close fd=267 fnum=18215 (numopen=10) [2011/10/11 16:43:39.823054, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.823114, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/entries, file_id = 801:1fcfe6:0 gen_id = 776 has kernel oplock state of 1. [2011/10/11 16:43:39.823174, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E6CF [2011/10/11 16:43:39.823241, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.823283, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.823347, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3cca, type= 0x3, gen_id = 776, uid = 0, flags = 0, file_id 801:1fcfe6:0, name_hash = 0x38dce78b [2011/10/11 16:43:39.823397, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x38dce78b [2011/10/11 16:43:39.823442, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E6CF [2011/10/11 16:43:39.823496, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/entries = 0 [2011/10/11 16:43:39.823541, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/entries [2011/10/11 16:43:39.823587, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/entries 
(numopen=9) NT_STATUS_OK [2011/10/11 16:43:39.823632, 5] smbd/files.c:464(file_free) freed files structure 18215 (121 used) [2011/10/11 16:43:39.823680, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.823705, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3140 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.823920, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.824328, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.824377, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.824419, 3] smbd/process.c:1661(process_smb) Transaction 8054 of length 45 (0 toread) [2011/10/11 16:43:39.824461, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.824486, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3204 smt_wct=3 smb_vwv[ 0]=18216 (0x4728) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.824749, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.824776, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.824821, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.824864, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: 
SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.825306, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.825473, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.825522, 3] smbd/reply.c:4850(reply_close) close fd=268 fnum=18216 (numopen=9) [2011/10/11 16:43:39.825565, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.825623, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/prop-base/Kladblok.lnk.svn-base, file_id = 801:205082:0 gen_id = 777 has kernel oplock state of 1. 
[2011/10/11 16:43:39.825683, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008250 [2011/10/11 16:43:39.825731, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.825773, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.825837, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3dcd, type= 0x3, gen_id = 777, uid = 0, flags = 0, file_id 801:205082:0, name_hash = 0xb825c0f2 [2011/10/11 16:43:39.825887, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb825c0f2 [2011/10/11 16:43:39.825932, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008250 [2011/10/11 16:43:39.825986, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/prop-base/Kladblok.lnk.svn-base = 0 [2011/10/11 16:43:39.826031, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/prop-base/Kladblok.lnk.svn-base [2011/10/11 16:43:39.826078, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/prop-base/Kladblok.lnk.svn-base (numopen=8) NT_STATUS_OK [2011/10/11 16:43:39.826123, 5] smbd/files.c:464(file_free) freed files structure 18216 (120 used) [2011/10/11 16:43:39.826167, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.826192, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3204 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.826407, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.826810, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.826861, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.826903, 3] smbd/process.c:1661(process_smb) Transaction 8055 of length 45 (0 toread) [2011/10/11 16:43:39.826945, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.826969, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3268 smt_wct=3 smb_vwv[ 0]=18217 (0x4729) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.827232, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.827259, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.827304, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.827347, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.827806, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 
10001 Group[ 3]: 10003 [2011/10/11 16:43:39.827936, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.827985, 3] smbd/reply.c:4850(reply_close) close fd=269 fnum=18217 (numopen=8) [2011/10/11 16:43:39.828027, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.828086, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/text-base/Kladblok.lnk.svn-base, file_id = 801:20132f:0 gen_id = 778 has kernel oplock state of 1. [2011/10/11 16:43:39.828145, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000002F13 [2011/10/11 16:43:39.828193, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:39.828235, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.828299, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3f63, type= 0x3, gen_id = 778, uid = 0, flags = 0, file_id 801:20132f:0, name_hash = 0x946b6f62 [2011/10/11 16:43:39.828348, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x946b6f62 [2011/10/11 16:43:39.828394, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000002F13 [2011/10/11 16:43:39.828448, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/text-base/Kladblok.lnk.svn-base = 0 [2011/10/11 16:43:39.828493, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/text-base/Kladblok.lnk.svn-base [2011/10/11 16:43:39.828541, 
2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Start Menu/Programma's/.svn/text-base/Kladblok.lnk.svn-base (numopen=7) NT_STATUS_OK [2011/10/11 16:43:39.828585, 5] smbd/files.c:464(file_free) freed files structure 18217 (119 used) [2011/10/11 16:43:39.828631, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.828657, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3268 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.828871, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.829270, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.829319, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.829361, 3] smbd/process.c:1661(process_smb) Transaction 8056 of length 45 (0 toread) [2011/10/11 16:43:39.829423, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.829448, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3332 smt_wct=3 smb_vwv[ 0]=18218 (0x472A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.829726, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.829753, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.829798, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.829842, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.830283, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.830413, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.830465, 3] smbd/reply.c:4850(reply_close) close fd=270 fnum=18218 (numopen=7) [2011/10/11 16:43:39.830507, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.830565, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Start Menu/.svn/entries, file_id = 801:1d8fc2:0 gen_id = 779 has kernel oplock state of 1. 
[2011/10/11 16:43:39.830625, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C28F [2011/10/11 16:43:39.830673, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.830716, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.830780, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x498e, type= 0x3, gen_id = 779, uid = 0, flags = 0, file_id 801:1d8fc2:0, name_hash = 0xb96f97af [2011/10/11 16:43:39.830830, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb96f97af [2011/10/11 16:43:39.830877, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C28F [2011/10/11 16:43:39.830932, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Start Menu/.svn/entries = 0 [2011/10/11 16:43:39.830977, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Start Menu/.svn/entries [2011/10/11 16:43:39.831023, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Start Menu/.svn/entries (numopen=6) NT_STATUS_OK [2011/10/11 16:43:39.831067, 5] smbd/files.c:464(file_free) freed files structure 18218 (118 used) [2011/10/11 16:43:39.831114, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.831139, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3332 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.831355, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.831835, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 
16:43:39.831887, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.831930, 3] smbd/process.c:1661(process_smb) Transaction 8057 of length 45 (0 toread) [2011/10/11 16:43:39.831971, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.831996, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3396 smt_wct=3 smb_vwv[ 0]=18219 (0x472B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.832259, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.832286, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.832332, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.832375, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.832817, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.832946, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.832995, 3] smbd/reply.c:4850(reply_close) close fd=271 fnum=18219 (numopen=6) [2011/10/11 16:43:39.833038, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.833097, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Favorites/Links/desktop.ini, file_id = 801:98643:0 gen_id = 780 has kernel oplock state of 1. [2011/10/11 16:43:39.833157, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004386 [2011/10/11 16:43:39.833205, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.833247, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Oct 7 14:18:12 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.833311, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4b26, type= 0x3, gen_id = 780, uid = 0, flags = 0, file_id 801:98643:0, name_hash = 0xd1a621ca [2011/10/11 16:43:39.833361, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd1a621ca [2011/10/11 16:43:39.833425, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004386 [2011/10/11 16:43:39.833480, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Favorites/Links/desktop.ini = 0 [2011/10/11 16:43:39.833524, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Favorites/Links/desktop.ini [2011/10/11 16:43:39.833588, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Favorites/Links/desktop.ini (numopen=5) NT_STATUS_OK [2011/10/11 
16:43:39.833634, 5] smbd/files.c:464(file_free) freed files structure 18219 (117 used) [2011/10/11 16:43:39.833678, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.833704, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3396 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.833920, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.834329, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.834380, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.834423, 3] smbd/process.c:1661(process_smb) Transaction 8058 of length 45 (0 toread) [2011/10/11 16:43:39.834464, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.834489, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3460 smt_wct=3 smb_vwv[ 0]=18220 (0x472C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.834755, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.834782, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.834827, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.834871, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: 
SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.835317, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.835448, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.835497, 3] smbd/reply.c:4850(reply_close) close fd=272 fnum=18220 (numopen=5) [2011/10/11 16:43:39.835539, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.835598, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Favorites/.svn/entries, file_id = 801:1bcec4:0 gen_id = 781 has kernel oplock state of 1. 
[2011/10/11 16:43:39.835658, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C4CE [2011/10/11 16:43:39.835706, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.835748, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.835812, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c18, type= 0x3, gen_id = 781, uid = 0, flags = 0, file_id 801:1bcec4:0, name_hash = 0xb9b0c67f [2011/10/11 16:43:39.835879, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb9b0c67f [2011/10/11 16:43:39.835925, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C4CE [2011/10/11 16:43:39.835979, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Favorites/.svn/entries = 0 [2011/10/11 16:43:39.836024, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Favorites/.svn/entries [2011/10/11 16:43:39.836069, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Favorites/.svn/entries (numopen=4) NT_STATUS_OK [2011/10/11 16:43:39.836113, 5] smbd/files.c:464(file_free) freed files structure 18220 (116 used) [2011/10/11 16:43:39.836160, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.836185, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3460 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.836399, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.836806, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.836854, 
6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.836896, 3] smbd/process.c:1661(process_smb) Transaction 8059 of length 45 (0 toread) [2011/10/11 16:43:39.836938, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.836963, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3524 smt_wct=3 smb_vwv[ 0]=18221 (0x472D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.837225, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.837251, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.837296, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.837339, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.837800, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.837931, 5] smbd/uid.c:317(change_to_user_internal) Impersonated 
user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.837981, 3] smbd/reply.c:4850(reply_close) close fd=273 fnum=18221 (numopen=4) [2011/10/11 16:43:39.838023, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.838082, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Netwerkprinteromgeving/.svn/entries, file_id = 801:198fc2:0 gen_id = 782 has kernel oplock state of 1. [2011/10/11 16:43:39.838157, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C28F [2011/10/11 16:43:39.838206, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.838247, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.838311, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c57, type= 0x3, gen_id = 782, uid = 0, flags = 0, file_id 801:198fc2:0, name_hash = 0x549123a9 [2011/10/11 16:43:39.838361, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x549123a9 [2011/10/11 16:43:39.838405, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C28F [2011/10/11 16:43:39.838459, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Netwerkprinteromgeving/.svn/entries = 0 [2011/10/11 16:43:39.838503, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Netwerkprinteromgeving/.svn/entries [2011/10/11 16:43:39.838549, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Netwerkprinteromgeving/.svn/entries (numopen=3) NT_STATUS_OK [2011/10/11 16:43:39.838592, 5] 
smbd/files.c:464(file_free) freed files structure 18221 (115 used) [2011/10/11 16:43:39.838639, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.838664, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3524 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.838877, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.839284, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.839334, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.839376, 3] smbd/process.c:1661(process_smb) Transaction 8060 of length 45 (0 toread) [2011/10/11 16:43:39.839418, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.839443, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3588 smt_wct=3 smb_vwv[ 0]=18222 (0x472E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.839704, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.839731, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.839776, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.839819, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 
2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.840259, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.840406, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.840454, 3] smbd/reply.c:4850(reply_close) close fd=274 fnum=18222 (numopen=3) [2011/10/11 16:43:39.840497, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.840556, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/.svn/entries, file_id = 801:1a4d8c:0 gen_id = 783 has kernel oplock state of 1. [2011/10/11 16:43:39.840616, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008C4D [2011/10/11 16:43:39.840663, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc37f0 [2011/10/11 16:43:39.840705, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.840769, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c8a, type= 0x3, gen_id = 783, uid = 0, flags = 0, file_id 801:1a4d8c:0, name_hash = 0xc55a9d85 [2011/10/11 16:43:39.840819, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc55a9d85 [2011/10/11 16:43:39.840864, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008C4D [2011/10/11 16:43:39.840918, 10] 
locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/.svn/entries = 0 [2011/10/11 16:43:39.840962, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/.svn/entries [2011/10/11 16:43:39.841008, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/.svn/entries (numopen=2) NT_STATUS_OK [2011/10/11 16:43:39.841052, 5] smbd/files.c:464(file_free) freed files structure 18222 (114 used) [2011/10/11 16:43:39.841097, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.841122, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3588 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.841337, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.841748, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:39.841799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.841841, 3] smbd/process.c:1661(process_smb) Transaction 8061 of length 45 (0 toread) [2011/10/11 16:43:39.841883, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.841908, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3652 smt_wct=3 smb_vwv[ 0]=18223 (0x472F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.842172, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.842199, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.842244, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.842288, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.842750, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.842880, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.842929, 3] smbd/reply.c:4850(reply_close) close fd=275 fnum=18223 (numopen=2) [2011/10/11 16:43:39.842971, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.843029, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/.svn/prop-base/NTUSER.DAT.svn-base, file_id = 801:1ad076:0 gen_id = 784 has kernel oplock state of 1. 
[2011/10/11 16:43:39.843089, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000076D0 [2011/10/11 16:43:39.843137, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.843179, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jun 30 11:58:31 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.843243, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4d8d, type= 0x3, gen_id = 784, uid = 0, flags = 0, file_id 801:1ad076:0, name_hash = 0x371f2658 [2011/10/11 16:43:39.843294, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x371f2658 [2011/10/11 16:43:39.843339, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000076D0 [2011/10/11 16:43:39.843393, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/.svn/prop-base/NTUSER.DAT.svn-base = 0 [2011/10/11 16:43:39.843437, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/.svn/prop-base/NTUSER.DAT.svn-base [2011/10/11 16:43:39.843484, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/.svn/prop-base/NTUSER.DAT.svn-base (numopen=1) NT_STATUS_OK [2011/10/11 16:43:39.843527, 5] smbd/files.c:464(file_free) freed files structure 18223 (113 used) [2011/10/11 16:43:39.843574, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.843599, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3652 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.843813, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.844222, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length 
of 41 [2011/10/11 16:43:39.844271, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:39.844314, 3] smbd/process.c:1661(process_smb) Transaction 8062 of length 45 (0 toread) [2011/10/11 16:43:39.844355, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.844380, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3716 smt_wct=3 smb_vwv[ 0]=18224 (0x4730) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:39.844643, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:39.844670, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:39.844731, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:39.844775, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:39.845219, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:39.845349, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:39.845418, 3] smbd/reply.c:4850(reply_close) close fd=276 fnum=18224 (numopen=1) [2011/10/11 16:43:39.845461, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:39.845520, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/.svn/text-base/NTUSER.DAT.svn-base, file_id = 801:18a55c:0 gen_id = 785 has kernel oplock state of 1. [2011/10/11 16:43:39.845580, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005CA5 [2011/10/11 16:43:39.845628, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3800 [2011/10/11 16:43:39.845670, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jun 30 12:01:11 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:39.845735, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4f23, type= 0x3, gen_id = 785, uid = 0, flags = 0, file_id 801:18a55c:0, name_hash = 0x2df55175 [2011/10/11 16:43:39.845785, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2df55175 [2011/10/11 16:43:39.845830, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005CA5 [2011/10/11 16:43:39.845884, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/.svn/text-base/NTUSER.DAT.svn-base = 0 [2011/10/11 16:43:39.845929, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/.svn/text-base/NTUSER.DAT.svn-base [2011/10/11 16:43:39.845975, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/.svn/text-base/NTUSER.DAT.svn-base (numopen=0) 
NT_STATUS_OK [2011/10/11 16:43:39.846019, 5] smbd/files.c:464(file_free) freed files structure 18224 (112 used) [2011/10/11 16:43:39.846065, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:39.846090, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=3716 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:39.846305, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:43.461207, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 96 [2011/10/11 16:43:43.461390, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x60 [2011/10/11 16:43:43.461436, 3] smbd/process.c:1661(process_smb) Transaction 8063 of length 100 (0 toread) [2011/10/11 16:43:43.461478, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.461503, 5] lib/util.c:341(show_msg) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3780 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=13 [2011/10/11 16:43:43.462102, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 00 00 .\.a.n.d .o... 
[2011/10/11 16:43:43.462166, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:43.462217, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:43.462262, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:43.462706, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:43.462842, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:43.462887, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:43.462941, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 root_dir_fid = 0x0, fname = ando [2011/10/11 16:43:43.462988, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando" [2011/10/11 16:43:43.463034, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup 
succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:43.463083, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando [2011/10/11 16:43:43.463134, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando [2011/10/11 16:43:43.463195, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando, access_mask = 0x100001, share_access = 0x3 create_options = 0x200001, create_disposition = 0x2, file_attributes = 0x90 [2011/10/11 16:43:43.463247, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando) returning 0700 [2011/10/11 16:43:43.463293, 2] smbd/open.c:2807(open_directory) open_directory: unable to create ando. 
Error was NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.463336, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.463377, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.463421, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(154) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.463464, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.463489, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=53 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3780 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:43.463701, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:43.464211, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 86 [2011/10/11 16:43:43.464261, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x56 [2011/10/11 16:43:43.464303, 3] smbd/process.c:1661(process_smb) Transaction 8064 of length 90 (0 toread) [2011/10/11 16:43:43.464344, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.464369, 5] lib/util.c:341(show_msg) size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3844 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=21 [2011/10/11 16:43:43.464820, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 00 00 .o... 
[2011/10/11 16:43:43.464907, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:43.464952, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:43.464996, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:43.465456, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:43.465585, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:43.465649, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:43.465695, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando" [2011/10/11 16:43:43.465739, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:43.465790, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando hash 0x29c2cd09 [2011/10/11 16:43:43.465847, 10] 
locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:43.465890, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando (fnum = -1) level=1004 call=5 total_data=0 [2011/10/11 16:43:43.465933, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando (fnum = -1) level=1004 max_data=40 [2011/10/11 16:43:43.465976, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando [2011/10/11 16:43:43.466020, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:43.466062, 8] lib/util.c:1319(is_in_path) is_in_path: ando [2011/10/11 16:43:43.466103, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:43.466144, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:43.466206, 10] smbd/trans2.c:4456(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2011/10/11 16:43:43.466249, 5] smbd/trans2.c:4466(smbd_do_qfilepathinfo) SMB_QFBI - create: Tue May 24 11:18:16 2011 access: Mon Oct 10 16:55:39 2011 write: Tue May 24 11:18:16 2011 change: Tue May 24 11:18:16 2011 mode: 10 [2011/10/11 16:43:43.466385, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2011/10/11 16:43:43.466427, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2011/10/11 16:43:43.466469, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.466494, 5] lib/util.c:341(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3844 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2011/10/11 16:43:43.466865, 10] 
../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 FC 72 83 F3 19 CC 01 80 E7 A2 .......r ........ [0010] AC 5C 87 CC 01 00 FC 72 83 F3 19 CC 01 00 FC 72 .\.....r .......r [0020] 83 F3 19 CC 01 10 00 00 00 00 00 00 00 ........ ..... [2011/10/11 16:43:43.467335, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 86 [2011/10/11 16:43:43.467386, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x56 [2011/10/11 16:43:43.467428, 3] smbd/process.c:1661(process_smb) Transaction 8065 of length 90 (0 toread) [2011/10/11 16:43:43.467470, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.467494, 5] lib/util.c:341(show_msg) size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3908 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=21 [2011/10/11 16:43:43.467948, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 00 00 .o... 
[2011/10/11 16:43:43.468051, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:43.468097, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:43.468140, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:43.468578, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:43.468706, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:43.468752, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2011/10/11 16:43:43.468796, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando" [2011/10/11 16:43:43.468839, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:43.468888, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando hash 0x29c2cd09 [2011/10/11 16:43:43.468936, 10] 
locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:43.468978, 3] smbd/trans2.c:5252(call_trans2qfilepathinfo) call_trans2qfilepathinfo ando (fnum = -1) level=1005 call=5 total_data=0 [2011/10/11 16:43:43.469020, 5] smbd/trans2.c:4227(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: ando (fnum = -1) level=1005 max_data=24 [2011/10/11 16:43:43.469062, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando [2011/10/11 16:43:43.469105, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:43.469147, 8] lib/util.c:1319(is_in_path) is_in_path: ando [2011/10/11 16:43:43.469187, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:43.469228, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:43.469275, 10] smbd/trans2.c:4477(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2011/10/11 16:43:43.469317, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2011/10/11 16:43:43.469359, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2011/10/11 16:43:43.469424, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.469449, 5] lib/util.c:341(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3908 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:43.469820, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... 
[2011/10/11 16:43:43.470429, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 146 [2011/10/11 16:43:43.470478, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x92 [2011/10/11 16:43:43.470520, 3] smbd/process.c:1661(process_smb) Transaction 8066 of length 150 (0 toread) [2011/10/11 16:43:43.470562, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.470586, 5] lib/util.c:341(show_msg) size=146 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3972 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15360 (0x3C00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=63 [2011/10/11 16:43:43.471180, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C .W.i.n.d .o.w.s.\ [0030] 00 54 00 68 00 65 00 6D 00 65 00 73 00 00 00 .T.h.e.m .e.s... 
[2011/10/11 16:43:43.471338, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:43.471383, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:43.471426, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:43.471865, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:43.471993, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:43.472040, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 root_dir_fid = 0x0, fname = ando/Microsoft/Windows/Themes [2011/10/11 16:43:43.472087, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Windows/Themes" [2011/10/11 16:43:43.472130, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name 
[ANDO/MICROSOFT/WINDOWS/THEMES] -> [ando/Microsoft/Windows/Themes] [2011/10/11 16:43:43.472180, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Windows/Themes [2011/10/11 16:43:43.472244, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Windows/Themes [2011/10/11 16:43:43.472291, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Windows/Themes, access_mask = 0x100001, share_access = 0x3 create_options = 0x200001, create_disposition = 0x2, file_attributes = 0x90 [2011/10/11 16:43:43.472339, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Windows/Themes) returning 0700 [2011/10/11 16:43:43.472385, 2] smbd/open.c:2807(open_directory) open_directory: unable to create ando/Microsoft/Windows/Themes. 
Error was NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.472428, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.472470, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.472512, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(154) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_COLLISION [2011/10/11 16:43:43.472555, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.472580, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=53 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=3972 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:43.472791, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:43.473407, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 174 [2011/10/11 16:43:43.473457, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xae [2011/10/11 16:43:43.473498, 3] smbd/process.c:1661(process_smb) Transaction 8067 of length 178 (0 toread) [2011/10/11 16:43:43.473539, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.473564, 5] lib/util.c:341(show_msg) size=174 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=4036 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=22528 (0x5800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=17408 (0x4400) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=91 [2011/10/11 16:43:43.474159, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 
00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C .W.i.n.d .o.w.s.\ [0030] 00 54 00 68 00 65 00 6D 00 65 00 73 00 5C 00 73 .T.h.e.m .e.s.\.s [0040] 00 6C 00 69 00 64 00 65 00 73 00 68 00 6F 00 77 .l.i.d.e .s.h.o.w [0050] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... [2011/10/11 16:43:43.474381, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:43.474425, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:43.474468, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:43.474920, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:43.475048, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:43.475095, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, 
share_access = 0x7, create_disposition = 0x1 create_options = 0x44 root_dir_fid = 0x0, fname = ando/Microsoft/Windows/Themes/slideshow.ini [2011/10/11 16:43:43.475141, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Windows/Themes/slideshow.ini" [2011/10/11 16:43:43.475185, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/WINDOWS/THEMES/SLIDESHOW.INI] [2011/10/11 16:43:43.475228, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/WINDOWS/THEMES] -> [ando/Microsoft/Windows/Themes] [2011/10/11 16:43:43.475275, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Windows/Themes/slideshow.ini, dirpath = ando/Microsoft/Windows/Themes, start = slideshow.ini [2011/10/11 16:43:43.475326, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Windows/Themes/slideshow.ini, dirpath = ando/Microsoft/Windows/Themes, start = slideshow.ini [2011/10/11 16:43:43.475369, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled slideshow.ini ? [2011/10/11 16:43:43.475410, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component slideshow.ini (len 13) ? [2011/10/11 16:43:43.475455, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled slideshow.ini ? [2011/10/11 16:43:43.475495, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component slideshow.ini (len 13) ? [2011/10/11 16:43:43.475578, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled slideshow.ini ? [2011/10/11 16:43:43.475621, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component slideshow.ini (len 13) ? 
[2011/10/11 16:43:43.475663, 5] smbd/filename.c:781(unix_convert) New file slideshow.ini [2011/10/11 16:43:43.475705, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x44 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Windows/Themes/slideshow.ini [2011/10/11 16:43:43.475753, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x44 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Windows/Themes/slideshow.ini [2011/10/11 16:43:43.475804, 5] smbd/files.c:126(file_new) allocated file structure 14412, fnum = 18508 (113 used) [2011/10/11 16:43:43.475851, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Windows/Themes/slideshow.ini hash 0xf4dbbeab [2011/10/11 16:43:43.475909, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Windows/Themes/slideshow.ini) returning 0600 [2011/10/11 16:43:43.475953, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Windows/Themes/slideshow.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x44 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 16:43:43.476000, 5] smbd/open.c:1849(open_file_ntcreate) open_file_ntcreate: FILE_OPEN requested for file ando/Microsoft/Windows/Themes/slideshow.ini and file doesn't exist. 
[2011/10/11 16:43:43.476044, 5] smbd/files.c:464(file_free) freed files structure 18508 (112 used) [2011/10/11 16:43:43.476087, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:43.476129, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:43.476171, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:43.476214, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:43.476239, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=4036 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:43.476452, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:45.691555, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:45.691683, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:45.691727, 3] smbd/process.c:1661(process_smb) Transaction 8068 of length 45 (0 toread) [2011/10/11 16:43:45.691769, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:45.691794, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4100 smt_wct=3 smb_vwv[ 0]=18440 (0x4808) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:45.692057, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:45.692086, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:45.692136, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:45.692181, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:45.692628, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:45.692765, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:45.692812, 3] smbd/reply.c:4850(reply_close) close fd=279 fnum=18440 (numopen=111) [2011/10/11 16:43:45.692854, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:45.692947, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk, file_id = 803:404340:0 gen_id = 1001 has kernel oplock state of 1. 
[2011/10/11 16:43:45.693014, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004043 [2011/10/11 16:43:45.693069, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0bc3820 [2011/10/11 16:43:45.693111, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:45.693179, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x70a5, type= 0x3, gen_id = 1001, uid = 0, flags = 0, file_id 803:404340:0, name_hash = 0xbba8b35 [2011/10/11 16:43:45.693239, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100080, mid = 0x7a65, type= 0x40, gen_id = 1008, uid = 0, flags = 0, file_id 803:404340:0, name_hash = 0xbba8b35 [2011/10/11 16:43:45.693289, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbba8b35 [2011/10/11 16:43:45.693345, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004043 [2011/10/11 16:43:45.693446, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk = 0 [2011/10/11 16:43:45.693493, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk [2011/10/11 16:43:45.693543, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (39).lnk (numopen=110) NT_STATUS_OK [2011/10/11 16:43:45.693589, 5] smbd/files.c:464(file_free) freed files structure 18440 (111 used) [2011/10/11 
16:43:45.693635, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:45.693660, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4100 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:45.693870, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:45.694256, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 35 [2011/10/11 16:43:45.694307, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x23 [2011/10/11 16:43:45.694349, 3] smbd/process.c:1661(process_smb) Transaction 8069 of length 39 (0 toread) [2011/10/11 16:43:45.694390, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:45.694415, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=8 smb_pid=65279 smb_uid=102 smb_mid=4164 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:45.694624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:45.694651, 3] smbd/process.c:1466(switch_message) switch message SMBtdis (pid 8659) conn 0x7fc9b0c829c0 [2011/10/11 16:43:45.694693, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:45.694734, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:45.694774, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:45.694838, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:45.694883, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop [2011/10/11 16:43:45.694941, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:45.695003, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:45.695043, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary 
group is 0 and contains 0 supplementary groups [2011/10/11 16:43:45.695104, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:45.695146, 1] smbd/service.c:1291(close_cnum) ts2008 (192.168.68.2) closed connection to service desktop7 [2011/10/11 16:43:45.695194, 3] smbd/connection.c:35(yield_connection) Yielding connection to desktop7 [2011/10/11 16:43:45.695306, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key D3210000FFFFFFFF321B [2011/10/11 16:43:45.695356, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d80c60 [2011/10/11 16:43:45.695407, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key D3210000FFFFFFFF321B [2011/10/11 16:43:45.695522, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/10/11 16:43:45.695566, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:45.695607, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:45.695647, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:45.695708, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:45.695759, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 784 - private_data=0x7fc9b0c83de0 [2011/10/11 16:43:45.695809, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:45.695834, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=8 smb_pid=65279 smb_uid=102 smb_mid=4164 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:45.696046, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:45.696493, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:45.696543, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:45.696584, 3] 
smbd/process.c:1661(process_smb) Transaction 8070 of length 45 (0 toread) [2011/10/11 16:43:45.696626, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:45.696651, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4228 smt_wct=3 smb_vwv[ 0]=18485 (0x4835) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:45.696910, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:45.696937, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:45.696982, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:45.697026, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:45.697507, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:45.697635, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:45.697679, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to 
/home/samba/AppData [2011/10/11 16:43:45.697726, 3] smbd/reply.c:4850(reply_close) close fd=385 fnum=18485 (numopen=110) [2011/10/11 16:43:45.697767, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:45.697831, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk, file_id = 803:404341:0 gen_id = 1046 has kernel oplock state of 1. [2011/10/11 16:43:45.697893, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004143 [2011/10/11 16:43:45.697941, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d80de0 [2011/10/11 16:43:45.697984, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:45.698049, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb4a5, type= 0x3, gen_id = 1046, uid = 0, flags = 0, file_id 803:404341:0, name_hash = 0xc2337d8c [2011/10/11 16:43:45.698108, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100080, mid = 0xbe25, type= 0x40, gen_id = 1053, uid = 0, flags = 0, file_id 803:404341:0, name_hash = 0xc2337d8c [2011/10/11 16:43:45.698158, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc2337d8c [2011/10/11 16:43:45.698204, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004143 [2011/10/11 16:43:45.698258, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk = 0 [2011/10/11 
16:43:45.698303, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk [2011/10/11 16:43:45.698352, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (39).lnk (numopen=109) NT_STATUS_OK [2011/10/11 16:43:45.698397, 5] smbd/files.c:464(file_free) freed files structure 18485 (110 used) [2011/10/11 16:43:45.698440, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:45.698466, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4228 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:45.698677, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.682215, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.682344, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.682388, 3] smbd/process.c:1661(process_smb) Transaction 8071 of length 45 (0 toread) [2011/10/11 16:43:51.682431, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.682456, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4292 smt_wct=3 smb_vwv[ 0]=18507 (0x484B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.682750, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.682781, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.682831, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.682877, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.683324, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.683460, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.683507, 3] smbd/reply.c:4850(reply_close) close fd=31 fnum=18507 (numopen=109) [2011/10/11 16:43:51.683549, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.683617, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk, file_id = 803:414005:0 gen_id = 1068 has kernel oplock state of 1. 
[2011/10/11 16:43:51.683684, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000540 [2011/10/11 16:43:51.683739, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d80dc0 [2011/10/11 16:43:51.683781, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Oct 6 15:14:30 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.683850, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0xf904, type= 0x3, gen_id = 1068, uid = 0, flags = 0, file_id 803:414005:0, name_hash = 0x95bcfbb3 [2011/10/11 16:43:51.683902, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x95bcfbb3 [2011/10/11 16:43:51.683949, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000540 [2011/10/11 16:43:51.684005, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk = 0 [2011/10/11 16:43:51.684050, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk [2011/10/11 16:43:51.684100, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk (numopen=108) NT_STATUS_OK [2011/10/11 16:43:51.684146, 5] smbd/files.c:464(file_free) freed files structure 18507 (109 used) [2011/10/11 16:43:51.684192, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.684217, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4292 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.684428, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.684801, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 35 [2011/10/11 16:43:51.684854, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x23 [2011/10/11 16:43:51.684896, 3] smbd/process.c:1661(process_smb) Transaction 8072 of length 39 (0 toread) [2011/10/11 16:43:51.684938, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.684963, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=4356 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.685176, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.685203, 3] smbd/process.c:1466(switch_message) switch message SMBtdis (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:51.685245, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.685287, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:51.685327, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:51.685415, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:51.685460, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:51.685520, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.685561, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:51.685602, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:51.685662, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:51.685705, 1] smbd/service.c:1291(close_cnum) ts2008 (192.168.68.2) closed connection to service tempprof [2011/10/11 16:43:51.685753, 3] smbd/connection.c:35(yield_connection) 
Yielding connection to tempprof [2011/10/11 16:43:51.685864, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key D3210000FFFFFFFF321B [2011/10/11 16:43:51.685916, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d80c60 [2011/10/11 16:43:51.685977, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key D3210000FFFFFFFF321B [2011/10/11 16:43:51.686092, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/10/11 16:43:51.686137, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.686178, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:51.686218, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:51.686279, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:51.716560, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 784 - private_data=0x7fc9b09e6350 [2011/10/11 16:43:51.716700, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.716727, 5] lib/util.c:341(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=4356 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.716941, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.717499, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.717562, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.717608, 3] smbd/process.c:1661(process_smb) Transaction 8073 of length 45 (0 toread) [2011/10/11 16:43:51.717651, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.717676, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4420 smt_wct=3 smb_vwv[ 0]=18264 (0x4758) 
smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.717970, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.717999, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.718050, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.718100, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.718556, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.718691, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.718739, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:51.718804, 3] smbd/reply.c:4850(reply_close) close fd=280 fnum=18264 (numopen=108) [2011/10/11 16:43:51.718847, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.718916, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk, file_id = 803:404245:0 gen_id = 825 has kernel oplock state of 1. [2011/10/11 16:43:51.718983, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004542 [2011/10/11 16:43:51.719038, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d80de0 [2011/10/11 16:43:51.719080, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.719152, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x89a5, type= 0x3, gen_id = 825, uid = 0, flags = 0, file_id 803:404245:0, name_hash = 0x7b08bb42 [2011/10/11 16:43:51.719207, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7b08bb42 [2011/10/11 16:43:51.719262, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004542 [2011/10/11 16:43:51.719318, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk = 0 [2011/10/11 16:43:51.719364, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk [2011/10/11 16:43:51.719416, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk (numopen=107) NT_STATUS_OK [2011/10/11 16:43:51.719465, 5] smbd/files.c:464(file_free) freed files structure 18264 (108 used) [2011/10/11 16:43:51.719538, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.719563, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 
smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4420 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.719775, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.720207, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.720258, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.720300, 3] smbd/process.c:1661(process_smb) Transaction 8074 of length 45 (0 toread) [2011/10/11 16:43:51.720344, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.720368, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4484 smt_wct=3 smb_vwv[ 0]=18265 (0x4759) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.720628, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.720655, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.720700, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.720743, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): 
[2011/10/11 16:43:51.721184, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.721314, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.721363, 3] smbd/reply.c:4850(reply_close) close fd=281 fnum=18265 (numopen=107) [2011/10/11 16:43:51.721429, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.721490, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk, file_id = 803:404247:0 gen_id = 826 has kernel oplock state of 1. [2011/10/11 16:43:51.721551, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004742 [2011/10/11 16:43:51.721600, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.721642, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.721707, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8b25, type= 0x3, gen_id = 826, uid = 0, flags = 0, file_id 803:404247:0, name_hash = 0x5ac4287d [2011/10/11 16:43:51.721757, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5ac4287d [2011/10/11 16:43:51.721825, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004742 [2011/10/11 16:43:51.721880, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk = 0 [2011/10/11 
16:43:51.721925, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk [2011/10/11 16:43:51.721974, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk (numopen=106) NT_STATUS_OK [2011/10/11 16:43:51.722019, 5] smbd/files.c:464(file_free) freed files structure 18265 (107 used) [2011/10/11 16:43:51.722071, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.722096, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4484 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.722310, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.722723, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.722775, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.722819, 3] smbd/process.c:1661(process_smb) Transaction 8075 of length 45 (0 toread) [2011/10/11 16:43:51.722861, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.722886, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4548 smt_wct=3 smb_vwv[ 0]=18266 (0x475A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.723149, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.723176, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.723221, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.723265, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.723712, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.723843, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.723892, 3] smbd/reply.c:4850(reply_close) close fd=282 fnum=18266 (numopen=106) [2011/10/11 16:43:51.723934, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.723993, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk, file_id = 803:7fc00d:0 gen_id = 827 has kernel oplock state of 1. 
[2011/10/11 16:43:51.724071, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000DC0 [2011/10/11 16:43:51.724120, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c891b0 [2011/10/11 16:43:51.724162, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.724227, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8ca5, type= 0x3, gen_id = 827, uid = 0, flags = 0, file_id 803:7fc00d:0, name_hash = 0x88feaa0a [2011/10/11 16:43:51.724276, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x88feaa0a [2011/10/11 16:43:51.724320, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000DC0 [2011/10/11 16:43:51.724374, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk = 0 [2011/10/11 16:43:51.724418, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk [2011/10/11 16:43:51.724465, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk (numopen=105) NT_STATUS_OK [2011/10/11 16:43:51.724510, 5] smbd/files.c:464(file_free) freed files structure 18266 (106 used) [2011/10/11 16:43:51.724557, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.724582, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4548 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.724793, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.725196, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.725248, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.725289, 3] smbd/process.c:1661(process_smb) Transaction 8076 of length 45 (0 toread) [2011/10/11 16:43:51.725331, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.725355, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4612 smt_wct=3 smb_vwv[ 0]=18267 (0x475B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.725635, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.725662, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.725707, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.725750, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.726186, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.726331, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.726380, 3] smbd/reply.c:4850(reply_close) close fd=283 fnum=18267 (numopen=105) [2011/10/11 16:43:51.726422, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.726481, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk, file_id = 803:404249:0 gen_id = 828 has kernel oplock state of 1. [2011/10/11 16:43:51.726541, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004942 [2011/10/11 16:43:51.726589, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.726631, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.726695, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8e25, type= 0x3, gen_id = 828, uid = 0, flags = 0, file_id 803:404249:0, name_hash = 0x4aff2134 [2011/10/11 16:43:51.726744, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4aff2134 [2011/10/11 16:43:51.726789, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004942 [2011/10/11 16:43:51.726843, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk = 0 [2011/10/11 16:43:51.726888, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk [2011/10/11 16:43:51.726935, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk (numopen=104) NT_STATUS_OK [2011/10/11 16:43:51.726982, 5] smbd/files.c:464(file_free) freed files structure 18267 (105 used) [2011/10/11 16:43:51.727033, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.727058, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4612 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.727270, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.727665, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.727716, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.727758, 3] smbd/process.c:1661(process_smb) Transaction 8077 of length 45 (0 toread) [2011/10/11 16:43:51.727799, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.727824, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4676 smt_wct=3 smb_vwv[ 0]=18268 (0x475C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.728087, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.728113, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.728159, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.728202, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.728658, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.728787, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.728835, 3] smbd/reply.c:4850(reply_close) close fd=284 fnum=18268 (numopen=104) [2011/10/11 16:43:51.728877, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.728936, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk, file_id = 803:7fc00f:0 gen_id = 829 has kernel oplock state of 1. 
[2011/10/11 16:43:51.728996, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000FC0 [2011/10/11 16:43:51.729044, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.729086, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.729150, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8fa5, type= 0x3, gen_id = 829, uid = 0, flags = 0, file_id 803:7fc00f:0, name_hash = 0xbb927cc3 [2011/10/11 16:43:51.729199, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbb927cc3 [2011/10/11 16:43:51.729244, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000FC0 [2011/10/11 16:43:51.729298, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk = 0 [2011/10/11 16:43:51.729343, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk [2011/10/11 16:43:51.729411, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk (numopen=103) NT_STATUS_OK [2011/10/11 16:43:51.729457, 5] smbd/files.c:464(file_free) freed files structure 18268 (104 used) [2011/10/11 16:43:51.729505, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.729530, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4676 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.729743, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.730126, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.730178, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.730221, 3] smbd/process.c:1661(process_smb) Transaction 8078 of length 45 (0 toread) [2011/10/11 16:43:51.730264, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.730307, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4740 smt_wct=3 smb_vwv[ 0]=18269 (0x475D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.730569, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.730596, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.730641, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.730685, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.731129, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.731258, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.731307, 3] smbd/reply.c:4850(reply_close) close fd=285 fnum=18269 (numopen=103) [2011/10/11 16:43:51.731349, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.731410, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk, file_id = 803:40424b:0 gen_id = 830 has kernel oplock state of 1. [2011/10/11 16:43:51.731470, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004B42 [2011/10/11 16:43:51.731518, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.731560, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.731624, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9125, type= 0x3, gen_id = 830, uid = 0, flags = 0, file_id 803:40424b:0, name_hash = 0xeb5bb8c7 [2011/10/11 16:43:51.731673, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xeb5bb8c7 [2011/10/11 16:43:51.731718, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004B42 [2011/10/11 16:43:51.731772, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk = 0 [2011/10/11 16:43:51.731818, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk [2011/10/11 16:43:51.731865, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk (numopen=102) NT_STATUS_OK [2011/10/11 16:43:51.731925, 5] smbd/files.c:464(file_free) freed files structure 18269 (103 used) [2011/10/11 16:43:51.731973, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.731998, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4740 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.732209, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.732596, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.732647, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.732689, 3] smbd/process.c:1661(process_smb) Transaction 8079 of length 45 (0 toread) [2011/10/11 16:43:51.732731, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.732755, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4804 smt_wct=3 smb_vwv[ 0]=18270 (0x475E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.733014, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.733041, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.733086, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.733130, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.733591, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.733719, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.733768, 3] smbd/reply.c:4850(reply_close) close fd=286 fnum=18270 (numopen=102) [2011/10/11 16:43:51.733810, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.733868, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk, file_id = 803:7fc011:0 gen_id = 831 has kernel oplock state of 1. 
[2011/10/11 16:43:51.733929, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000011C0 [2011/10/11 16:43:51.733976, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.734018, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.734082, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x92a5, type= 0x3, gen_id = 831, uid = 0, flags = 0, file_id 803:7fc011:0, name_hash = 0xfb0d3fd3 [2011/10/11 16:43:51.734131, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfb0d3fd3 [2011/10/11 16:43:51.734194, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000011C0 [2011/10/11 16:43:51.734248, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk = 0 [2011/10/11 16:43:51.734293, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk [2011/10/11 16:43:51.734340, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk (numopen=101) NT_STATUS_OK [2011/10/11 16:43:51.734385, 5] smbd/files.c:464(file_free) freed files structure 18270 (102 used) [2011/10/11 16:43:51.734433, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.734458, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4804 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.734669, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.735061, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.735111, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.735153, 3] smbd/process.c:1661(process_smb) Transaction 8080 of length 45 (0 toread) [2011/10/11 16:43:51.735197, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.735221, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4868 smt_wct=3 smb_vwv[ 0]=18271 (0x475F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.735482, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.735508, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.735553, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.735597, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.736036, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.736164, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.736212, 3] smbd/reply.c:4850(reply_close) close fd=287 fnum=18271 (numopen=101) [2011/10/11 16:43:51.736255, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.736314, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk, file_id = 803:40424d:0 gen_id = 832 has kernel oplock state of 1. [2011/10/11 16:43:51.736391, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004D42 [2011/10/11 16:43:51.736440, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.736481, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.736545, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9425, type= 0x3, gen_id = 832, uid = 0, flags = 0, file_id 803:40424d:0, name_hash = 0x4bbc30a0 [2011/10/11 16:43:51.736594, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4bbc30a0 [2011/10/11 16:43:51.736643, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004D42 [2011/10/11 16:43:51.736697, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk = 0 [2011/10/11 16:43:51.736742, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk [2011/10/11 16:43:51.736790, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk (numopen=100) NT_STATUS_OK [2011/10/11 16:43:51.736834, 5] smbd/files.c:464(file_free) freed files structure 18271 (101 used) [2011/10/11 16:43:51.736883, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.736909, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4868 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.737121, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.737506, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.737559, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.737601, 3] smbd/process.c:1661(process_smb) Transaction 8081 of length 45 (0 toread) [2011/10/11 16:43:51.737643, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.737668, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4932 smt_wct=3 smb_vwv[ 0]=18272 (0x4760) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.737928, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.737955, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.738000, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.738044, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.738502, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.738631, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.738679, 3] smbd/reply.c:4850(reply_close) close fd=288 fnum=18272 (numopen=100) [2011/10/11 16:43:51.738721, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.738781, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk, file_id = 803:404310:0 gen_id = 833 has kernel oplock state of 1. 
[2011/10/11 16:43:51.738842, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001043 [2011/10/11 16:43:51.738889, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.738931, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.738995, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x95a5, type= 0x3, gen_id = 833, uid = 0, flags = 0, file_id 803:404310:0, name_hash = 0xff53a764 [2011/10/11 16:43:51.739045, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xff53a764 [2011/10/11 16:43:51.739090, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001043 [2011/10/11 16:43:51.739143, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk = 0 [2011/10/11 16:43:51.739189, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk [2011/10/11 16:43:51.739236, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk (numopen=99) NT_STATUS_OK [2011/10/11 16:43:51.739281, 5] smbd/files.c:464(file_free) freed files structure 18272 (100 used) [2011/10/11 16:43:51.739330, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.739355, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4932 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.739569, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.739929, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.739979, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.740021, 3] smbd/process.c:1661(process_smb) Transaction 8082 of length 45 (0 toread) [2011/10/11 16:43:51.740062, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.740087, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4996 smt_wct=3 smb_vwv[ 0]=18273 (0x4761) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.740350, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.740377, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.740422, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.740468, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.740926, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.741056, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.741104, 3] smbd/reply.c:4850(reply_close) close fd=289 fnum=18273 (numopen=99) [2011/10/11 16:43:51.741145, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.741204, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk, file_id = 803:404312:0 gen_id = 834 has kernel oplock state of 1. [2011/10/11 16:43:51.741264, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001243 [2011/10/11 16:43:51.741312, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca6290 [2011/10/11 16:43:51.741354, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.741438, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9725, type= 0x3, gen_id = 834, uid = 0, flags = 0, file_id 803:404312:0, name_hash = 0x2db8bfcd [2011/10/11 16:43:51.741488, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2db8bfcd [2011/10/11 16:43:51.741533, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001243 [2011/10/11 16:43:51.741587, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk = 0 [2011/10/11 16:43:51.741632, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk [2011/10/11 16:43:51.741680, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk (numopen=98) NT_STATUS_OK [2011/10/11 16:43:51.741725, 5] smbd/files.c:464(file_free) freed files structure 18273 (99 used) [2011/10/11 16:43:51.741773, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.741798, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=4996 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.742011, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.742393, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.742443, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.742485, 3] smbd/process.c:1661(process_smb) Transaction 8083 of length 45 (0 toread) [2011/10/11 16:43:51.742526, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.742569, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5060 smt_wct=3 smb_vwv[ 0]=18274 (0x4762) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.742833, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.742860, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.742905, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.742949, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.743390, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.743519, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.743568, 3] smbd/reply.c:4850(reply_close) close fd=290 fnum=18274 (numopen=98) [2011/10/11 16:43:51.743610, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.743668, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk, file_id = 803:7fc001:0 gen_id = 835 has kernel oplock state of 1. 
[2011/10/11 16:43:51.743728, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000001C0 [2011/10/11 16:43:51.743775, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.743817, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.743881, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x98a5, type= 0x3, gen_id = 835, uid = 0, flags = 0, file_id 803:7fc001:0, name_hash = 0xf9e368f6 [2011/10/11 16:43:51.743930, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf9e368f6 [2011/10/11 16:43:51.743975, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000001C0 [2011/10/11 16:43:51.744029, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk = 0 [2011/10/11 16:43:51.744073, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk [2011/10/11 16:43:51.744120, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk (numopen=97) NT_STATUS_OK [2011/10/11 16:43:51.744180, 5] smbd/files.c:464(file_free) freed files structure 18274 (98 used) [2011/10/11 16:43:51.744228, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.744253, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5060 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.744467, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.744842, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.744893, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.744934, 3] smbd/process.c:1661(process_smb) Transaction 8084 of length 45 (0 toread) [2011/10/11 16:43:51.744976, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.745001, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5124 smt_wct=3 smb_vwv[ 0]=18275 (0x4763) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.745263, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.745290, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.745335, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.745398, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.745842, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.745971, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.746020, 3] smbd/reply.c:4850(reply_close) close fd=291 fnum=18275 (numopen=97) [2011/10/11 16:43:51.746062, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.746120, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk, file_id = 803:404314:0 gen_id = 836 has kernel oplock state of 1. [2011/10/11 16:43:51.746180, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001443 [2011/10/11 16:43:51.746228, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.746270, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.746334, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9a25, type= 0x3, gen_id = 836, uid = 0, flags = 0, file_id 803:404314:0, name_hash = 0xf5cdc8bb [2011/10/11 16:43:51.746383, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf5cdc8bb [2011/10/11 16:43:51.746446, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001443 [2011/10/11 16:43:51.746500, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk = 0 [2011/10/11 16:43:51.746545, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (20).lnk [2011/10/11 16:43:51.746592, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk (numopen=96) NT_STATUS_OK [2011/10/11 16:43:51.746637, 5] smbd/files.c:464(file_free) freed files structure 18275 (97 used) [2011/10/11 16:43:51.746684, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.746710, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5124 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.746922, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.747317, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.747367, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.747410, 3] smbd/process.c:1661(process_smb) Transaction 8085 of length 45 (0 toread) [2011/10/11 16:43:51.747452, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.747476, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5188 smt_wct=3 smb_vwv[ 0]=18276 (0x4764) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.747738, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.747765, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.747811, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.747855, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.748298, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.748427, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.748475, 3] smbd/reply.c:4850(reply_close) close fd=292 fnum=18276 (numopen=96) [2011/10/11 16:43:51.748517, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.748577, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk, file_id = 803:404316:0 gen_id = 837 has kernel oplock state of 1. 
[2011/10/11 16:43:51.748654, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001643 [2011/10/11 16:43:51.748703, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.748745, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.748808, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9ba5, type= 0x3, gen_id = 837, uid = 0, flags = 0, file_id 803:404316:0, name_hash = 0x4808115f [2011/10/11 16:43:51.748857, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4808115f [2011/10/11 16:43:51.748902, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001643 [2011/10/11 16:43:51.748956, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk = 0 [2011/10/11 16:43:51.749001, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk [2011/10/11 16:43:51.749048, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk (numopen=95) NT_STATUS_OK [2011/10/11 16:43:51.749093, 5] smbd/files.c:464(file_free) freed files structure 18276 (96 used) [2011/10/11 16:43:51.749141, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.749166, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5188 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.749400, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.749749, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.749799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.749841, 3] smbd/process.c:1661(process_smb) Transaction 8086 of length 45 (0 toread) [2011/10/11 16:43:51.749883, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.749907, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5252 smt_wct=3 smb_vwv[ 0]=18277 (0x4765) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.750169, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.750196, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.750241, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.750285, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.750743, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.750872, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.750921, 3] smbd/reply.c:4850(reply_close) close fd=293 fnum=18277 (numopen=95) [2011/10/11 16:43:51.750963, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.751023, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk, file_id = 803:404318:0 gen_id = 838 has kernel oplock state of 1. [2011/10/11 16:43:51.751083, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001843 [2011/10/11 16:43:51.751130, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.751172, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.751236, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9d25, type= 0x3, gen_id = 838, uid = 0, flags = 0, file_id 803:404318:0, name_hash = 0x310703aa [2011/10/11 16:43:51.751285, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x310703aa [2011/10/11 16:43:51.751330, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001843 [2011/10/11 16:43:51.751384, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk = 0 [2011/10/11 16:43:51.751430, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (22).lnk [2011/10/11 16:43:51.751477, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk (numopen=94) NT_STATUS_OK [2011/10/11 16:43:51.751522, 5] smbd/files.c:464(file_free) freed files structure 18277 (95 used) [2011/10/11 16:43:51.751568, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.751593, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5252 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.751806, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.752195, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.752243, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.752285, 3] smbd/process.c:1661(process_smb) Transaction 8087 of length 45 (0 toread) [2011/10/11 16:43:51.752327, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.752352, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5316 smt_wct=3 smb_vwv[ 0]=18278 (0x4766) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.752613, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.752639, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.752684, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.752728, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.753186, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.753315, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.753365, 3] smbd/reply.c:4850(reply_close) close fd=294 fnum=18278 (numopen=94) [2011/10/11 16:43:51.753427, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.753486, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk, file_id = 803:40431a:0 gen_id = 839 has kernel oplock state of 1. 
[2011/10/11 16:43:51.753546, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001A43 [2011/10/11 16:43:51.753593, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.753635, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.753700, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9ea5, type= 0x3, gen_id = 839, uid = 0, flags = 0, file_id 803:40431a:0, name_hash = 0x55c86a8 [2011/10/11 16:43:51.753749, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x55c86a8 [2011/10/11 16:43:51.753794, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001A43 [2011/10/11 16:43:51.753848, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk = 0 [2011/10/11 16:43:51.753893, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk [2011/10/11 16:43:51.753941, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk (numopen=93) NT_STATUS_OK [2011/10/11 16:43:51.753985, 5] smbd/files.c:464(file_free) freed files structure 18278 (94 used) [2011/10/11 16:43:51.754033, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.754058, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5316 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.754272, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.754672, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.754723, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.754766, 3] smbd/process.c:1661(process_smb) Transaction 8088 of length 45 (0 toread) [2011/10/11 16:43:51.754827, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.754852, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5380 smt_wct=3 smb_vwv[ 0]=18279 (0x4767) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.755116, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.755144, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.755189, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.755233, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.755678, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.755808, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.755857, 3] smbd/reply.c:4850(reply_close) close fd=295 fnum=18279 (numopen=93) [2011/10/11 16:43:51.755899, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.755957, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk, file_id = 803:404321:0 gen_id = 840 has kernel oplock state of 1. [2011/10/11 16:43:51.756017, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002143 [2011/10/11 16:43:51.756065, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.756107, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.756171, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa025, type= 0x3, gen_id = 840, uid = 0, flags = 0, file_id 803:404321:0, name_hash = 0x8acd18fa [2011/10/11 16:43:51.756220, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8acd18fa [2011/10/11 16:43:51.756265, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002143 [2011/10/11 16:43:51.756319, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk = 0 [2011/10/11 16:43:51.756364, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (24).lnk [2011/10/11 16:43:51.756411, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk (numopen=92) NT_STATUS_OK [2011/10/11 16:43:51.756471, 5] smbd/files.c:464(file_free) freed files structure 18279 (93 used) [2011/10/11 16:43:51.756522, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.756549, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5380 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.756763, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.757153, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.757205, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.757248, 3] smbd/process.c:1661(process_smb) Transaction 8089 of length 45 (0 toread) [2011/10/11 16:43:51.757290, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.757315, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5444 smt_wct=3 smb_vwv[ 0]=18280 (0x4768) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.757598, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.757625, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.757670, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.757714, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.758154, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.758283, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.758331, 3] smbd/reply.c:4850(reply_close) close fd=296 fnum=18280 (numopen=92) [2011/10/11 16:43:51.758372, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.758431, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk, file_id = 803:404323:0 gen_id = 841 has kernel oplock state of 1. 
[2011/10/11 16:43:51.758491, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002343 [2011/10/11 16:43:51.758539, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.758581, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.758645, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa1a5, type= 0x3, gen_id = 841, uid = 0, flags = 0, file_id 803:404323:0, name_hash = 0x57e57761 [2011/10/11 16:43:51.758711, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x57e57761 [2011/10/11 16:43:51.758761, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002343 [2011/10/11 16:43:51.758816, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk = 0 [2011/10/11 16:43:51.758861, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk [2011/10/11 16:43:51.758908, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk (numopen=91) NT_STATUS_OK [2011/10/11 16:43:51.758953, 5] smbd/files.c:464(file_free) freed files structure 18280 (92 used) [2011/10/11 16:43:51.759002, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.759027, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5444 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.759242, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.759641, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.759692, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.759734, 3] smbd/process.c:1661(process_smb) Transaction 8090 of length 45 (0 toread) [2011/10/11 16:43:51.759776, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.759801, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5508 smt_wct=3 smb_vwv[ 0]=18281 (0x4769) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.760064, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.760091, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.760136, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.760179, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.760622, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.760752, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.760800, 3] smbd/reply.c:4850(reply_close) close fd=297 fnum=18281 (numopen=91) [2011/10/11 16:43:51.760842, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.760901, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk, file_id = 803:404325:0 gen_id = 842 has kernel oplock state of 1. [2011/10/11 16:43:51.760979, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002543 [2011/10/11 16:43:51.761027, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.761069, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.761134, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa325, type= 0x3, gen_id = 842, uid = 0, flags = 0, file_id 803:404325:0, name_hash = 0xe9f90b3e [2011/10/11 16:43:51.761183, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe9f90b3e [2011/10/11 16:43:51.761229, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002543 [2011/10/11 16:43:51.761283, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk = 0 [2011/10/11 16:43:51.761328, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (26).lnk [2011/10/11 16:43:51.761395, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk (numopen=90) NT_STATUS_OK [2011/10/11 16:43:51.761441, 5] smbd/files.c:464(file_free) freed files structure 18281 (91 used) [2011/10/11 16:43:51.761490, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.761516, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5508 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.761730, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.762110, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.762160, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.762204, 3] smbd/process.c:1661(process_smb) Transaction 8091 of length 45 (0 toread) [2011/10/11 16:43:51.762246, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.762270, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5572 smt_wct=3 smb_vwv[ 0]=18282 (0x476A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.762533, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.762560, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.762605, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.762649, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.763110, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.763240, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.763287, 3] smbd/reply.c:4850(reply_close) close fd=298 fnum=18282 (numopen=90) [2011/10/11 16:43:51.763329, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.763388, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk, file_id = 803:404327:0 gen_id = 843 has kernel oplock state of 1. 
[2011/10/11 16:43:51.763449, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002743 [2011/10/11 16:43:51.763496, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.763538, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.763602, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa4a5, type= 0x3, gen_id = 843, uid = 0, flags = 0, file_id 803:404327:0, name_hash = 0x5a199423 [2011/10/11 16:43:51.763652, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5a199423 [2011/10/11 16:43:51.763697, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002743 [2011/10/11 16:43:51.763750, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk = 0 [2011/10/11 16:43:51.763795, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk [2011/10/11 16:43:51.763842, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk (numopen=89) NT_STATUS_OK [2011/10/11 16:43:51.763887, 5] smbd/files.c:464(file_free) freed files structure 18282 (90 used) [2011/10/11 16:43:51.763936, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.763961, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5572 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.764175, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.764573, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.764621, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.764663, 3] smbd/process.c:1661(process_smb) Transaction 8092 of length 45 (0 toread) [2011/10/11 16:43:51.764705, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.764729, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5636 smt_wct=3 smb_vwv[ 0]=18283 (0x476B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.764990, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.765017, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.765062, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.765105, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.765582, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.765712, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.765760, 3] smbd/reply.c:4850(reply_close) close fd=299 fnum=18283 (numopen=89) [2011/10/11 16:43:51.765802, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.765860, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk, file_id = 803:404329:0 gen_id = 844 has kernel oplock state of 1. [2011/10/11 16:43:51.765920, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002943 [2011/10/11 16:43:51.765968, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.766010, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.766073, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa625, type= 0x3, gen_id = 844, uid = 0, flags = 0, file_id 803:404329:0, name_hash = 0xd979a53f [2011/10/11 16:43:51.766123, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd979a53f [2011/10/11 16:43:51.766168, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002943 [2011/10/11 16:43:51.766222, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk = 0 [2011/10/11 16:43:51.766266, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (28).lnk [2011/10/11 16:43:51.766314, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk (numopen=88) NT_STATUS_OK [2011/10/11 16:43:51.766359, 5] smbd/files.c:464(file_free) freed files structure 18283 (89 used) [2011/10/11 16:43:51.766408, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.766434, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5636 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.766648, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.767048, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.767098, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.767141, 3] smbd/process.c:1661(process_smb) Transaction 8093 of length 45 (0 toread) [2011/10/11 16:43:51.767200, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.767225, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5700 smt_wct=3 smb_vwv[ 0]=18284 (0x476C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.767486, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.767513, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.767559, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.767602, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.768039, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.768167, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.768214, 3] smbd/reply.c:4850(reply_close) close fd=300 fnum=18284 (numopen=88) [2011/10/11 16:43:51.768256, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.768314, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk, file_id = 803:40432b:0 gen_id = 845 has kernel oplock state of 1. 
[2011/10/11 16:43:51.768375, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002B43 [2011/10/11 16:43:51.768422, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.768463, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.768527, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa7a5, type= 0x3, gen_id = 845, uid = 0, flags = 0, file_id 803:40432b:0, name_hash = 0x574b1b52 [2011/10/11 16:43:51.768576, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x574b1b52 [2011/10/11 16:43:51.768621, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002B43 [2011/10/11 16:43:51.768675, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk = 0 [2011/10/11 16:43:51.768720, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk [2011/10/11 16:43:51.768767, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk (numopen=87) NT_STATUS_OK [2011/10/11 16:43:51.768826, 5] smbd/files.c:464(file_free) freed files structure 18284 (88 used) [2011/10/11 16:43:51.768876, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.768902, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5700 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.769114, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.769514, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.769566, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.769609, 3] smbd/process.c:1661(process_smb) Transaction 8094 of length 45 (0 toread) [2011/10/11 16:43:51.769650, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.769674, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5764 smt_wct=3 smb_vwv[ 0]=18285 (0x476D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.769935, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.769961, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.770007, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.770050, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.770488, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.770617, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.770664, 3] smbd/reply.c:4850(reply_close) close fd=301 fnum=18285 (numopen=87) [2011/10/11 16:43:51.770706, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.770765, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk, file_id = 803:404197:0 gen_id = 846 has kernel oplock state of 1. [2011/10/11 16:43:51.770825, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009741 [2011/10/11 16:43:51.770872, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.770914, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.770978, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa925, type= 0x3, gen_id = 846, uid = 0, flags = 0, file_id 803:404197:0, name_hash = 0x48d9fcc4 [2011/10/11 16:43:51.771045, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x48d9fcc4 [2011/10/11 16:43:51.771091, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009741 [2011/10/11 16:43:51.771145, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk = 0 [2011/10/11 16:43:51.771190, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (3).lnk [2011/10/11 16:43:51.771237, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk (numopen=86) NT_STATUS_OK [2011/10/11 16:43:51.771282, 5] smbd/files.c:464(file_free) freed files structure 18285 (87 used) [2011/10/11 16:43:51.771332, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.771357, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5764 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.771571, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.771928, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.771976, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.772019, 3] smbd/process.c:1661(process_smb) Transaction 8095 of length 45 (0 toread) [2011/10/11 16:43:51.772060, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.772085, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5828 smt_wct=3 smb_vwv[ 0]=18286 (0x476E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.772346, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.772373, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.772418, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.772461, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.772900, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.773029, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.773077, 3] smbd/reply.c:4850(reply_close) close fd=302 fnum=18286 (numopen=86) [2011/10/11 16:43:51.773119, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.773177, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk, file_id = 803:40432d:0 gen_id = 847 has kernel oplock state of 1. 
[2011/10/11 16:43:51.773253, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002D43 [2011/10/11 16:43:51.773301, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.773343, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.773429, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaaa5, type= 0x3, gen_id = 847, uid = 0, flags = 0, file_id 803:40432d:0, name_hash = 0x11561aca [2011/10/11 16:43:51.773478, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x11561aca [2011/10/11 16:43:51.773523, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002D43 [2011/10/11 16:43:51.773577, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk = 0 [2011/10/11 16:43:51.773622, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk [2011/10/11 16:43:51.773669, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk (numopen=85) NT_STATUS_OK [2011/10/11 16:43:51.773714, 5] smbd/files.c:464(file_free) freed files structure 18286 (86 used) [2011/10/11 16:43:51.773765, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.773791, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5828 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.774007, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.774394, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.774444, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.774486, 3] smbd/process.c:1661(process_smb) Transaction 8096 of length 45 (0 toread) [2011/10/11 16:43:51.774528, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.774552, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5892 smt_wct=3 smb_vwv[ 0]=18287 (0x476F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.774815, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.774842, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.774887, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.774930, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.775391, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.775520, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.775568, 3] smbd/reply.c:4850(reply_close) close fd=303 fnum=18287 (numopen=85) [2011/10/11 16:43:51.775610, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.775669, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk, file_id = 803:40432f:0 gen_id = 848 has kernel oplock state of 1. [2011/10/11 16:43:51.775728, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002F43 [2011/10/11 16:43:51.775776, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.775818, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.775882, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xac25, type= 0x3, gen_id = 848, uid = 0, flags = 0, file_id 803:40432f:0, name_hash = 0x4a7c5015 [2011/10/11 16:43:51.775931, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4a7c5015 [2011/10/11 16:43:51.775976, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002F43 [2011/10/11 16:43:51.776030, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk = 0 [2011/10/11 16:43:51.776076, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (31).lnk [2011/10/11 16:43:51.776123, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk (numopen=84) NT_STATUS_OK [2011/10/11 16:43:51.776167, 5] smbd/files.c:464(file_free) freed files structure 18287 (85 used) [2011/10/11 16:43:51.776217, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.776242, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5892 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.776455, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.776837, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.776888, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.776930, 3] smbd/process.c:1661(process_smb) Transaction 8097 of length 45 (0 toread) [2011/10/11 16:43:51.776972, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.776996, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5956 smt_wct=3 smb_vwv[ 0]=18288 (0x4770) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.777257, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.777283, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.777329, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.777372, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.777851, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.777980, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.778028, 3] smbd/reply.c:4850(reply_close) close fd=304 fnum=18288 (numopen=84) [2011/10/11 16:43:51.778070, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.778129, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk, file_id = 803:404331:0 gen_id = 849 has kernel oplock state of 1. 
[2011/10/11 16:43:51.778190, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003143 [2011/10/11 16:43:51.778237, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.778279, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.778343, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xada5, type= 0x3, gen_id = 849, uid = 0, flags = 0, file_id 803:404331:0, name_hash = 0xf8ab53d1 [2011/10/11 16:43:51.778392, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf8ab53d1 [2011/10/11 16:43:51.778441, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003143 [2011/10/11 16:43:51.778495, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk = 0 [2011/10/11 16:43:51.778540, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk [2011/10/11 16:43:51.778587, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk (numopen=83) NT_STATUS_OK [2011/10/11 16:43:51.778632, 5] smbd/files.c:464(file_free) freed files structure 18288 (84 used) [2011/10/11 16:43:51.778681, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.778707, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=5956 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.778920, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.779330, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.779380, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.779423, 3] smbd/process.c:1661(process_smb) Transaction 8098 of length 45 (0 toread) [2011/10/11 16:43:51.779482, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.779507, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6020 smt_wct=3 smb_vwv[ 0]=18289 (0x4771) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.779768, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.779795, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.779841, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.779884, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.780325, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.780454, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.780502, 3] smbd/reply.c:4850(reply_close) close fd=305 fnum=18289 (numopen=83) [2011/10/11 16:43:51.780543, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.780602, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk, file_id = 803:404333:0 gen_id = 850 has kernel oplock state of 1. [2011/10/11 16:43:51.780662, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003343 [2011/10/11 16:43:51.780710, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0ca2d90 [2011/10/11 16:43:51.780752, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.780816, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaf25, type= 0x3, gen_id = 850, uid = 0, flags = 0, file_id 803:404333:0, name_hash = 0x79dea1e4 [2011/10/11 16:43:51.780865, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x79dea1e4 [2011/10/11 16:43:51.780910, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003343 [2011/10/11 16:43:51.780964, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk = 0 [2011/10/11 16:43:51.781009, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (33).lnk [2011/10/11 16:43:51.781056, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk (numopen=82) NT_STATUS_OK [2011/10/11 16:43:51.781115, 5] smbd/files.c:464(file_free) freed files structure 18289 (83 used) [2011/10/11 16:43:51.781166, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.781191, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6020 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.781425, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.781796, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.781846, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.781888, 3] smbd/process.c:1661(process_smb) Transaction 8099 of length 45 (0 toread) [2011/10/11 16:43:51.781929, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.781954, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6084 smt_wct=3 smb_vwv[ 0]=18290 (0x4772) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.782215, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.782241, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.782287, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.782330, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.782767, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.782896, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.782945, 3] smbd/reply.c:4850(reply_close) close fd=306 fnum=18290 (numopen=82) [2011/10/11 16:43:51.782987, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.783047, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk, file_id = 803:404335:0 gen_id = 851 has kernel oplock state of 1. 
[2011/10/11 16:43:51.783107, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003543 [2011/10/11 16:43:51.783154, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.783196, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.783262, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb0a5, type= 0x3, gen_id = 851, uid = 0, flags = 0, file_id 803:404335:0, name_hash = 0x73546e30 [2011/10/11 16:43:51.783329, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x73546e30 [2011/10/11 16:43:51.783375, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003543 [2011/10/11 16:43:51.783428, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk = 0 [2011/10/11 16:43:51.783515, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk [2011/10/11 16:43:51.783565, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk (numopen=81) NT_STATUS_OK [2011/10/11 16:43:51.783610, 5] smbd/files.c:464(file_free) freed files structure 18290 (82 used) [2011/10/11 16:43:51.783660, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.783685, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6084 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.783898, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.784301, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.784350, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.784392, 3] smbd/process.c:1661(process_smb) Transaction 8100 of length 45 (0 toread) [2011/10/11 16:43:51.784435, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.784459, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6148 smt_wct=3 smb_vwv[ 0]=18291 (0x4773) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.784720, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.784747, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.784792, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.784835, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.785274, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.785425, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.785473, 3] smbd/reply.c:4850(reply_close) close fd=307 fnum=18291 (numopen=81) [2011/10/11 16:43:51.785515, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.785575, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk, file_id = 803:404338:0 gen_id = 852 has kernel oplock state of 1. [2011/10/11 16:43:51.785654, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003843 [2011/10/11 16:43:51.785703, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.785745, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.785809, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb225, type= 0x3, gen_id = 852, uid = 0, flags = 0, file_id 803:404338:0, name_hash = 0x9a0511b6 [2011/10/11 16:43:51.785859, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9a0511b6 [2011/10/11 16:43:51.785904, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003843 [2011/10/11 16:43:51.785958, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk = 0 [2011/10/11 16:43:51.786003, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (35).lnk [2011/10/11 16:43:51.786050, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk (numopen=80) NT_STATUS_OK [2011/10/11 16:43:51.786095, 5] smbd/files.c:464(file_free) freed files structure 18291 (81 used) [2011/10/11 16:43:51.786145, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.786170, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6148 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.786385, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.786785, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.786838, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.786880, 3] smbd/process.c:1661(process_smb) Transaction 8101 of length 45 (0 toread) [2011/10/11 16:43:51.786922, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.786946, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6212 smt_wct=3 smb_vwv[ 0]=18292 (0x4774) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.787207, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.787234, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.787279, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.787322, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.787778, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.787908, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.787956, 3] smbd/reply.c:4850(reply_close) close fd=308 fnum=18292 (numopen=80) [2011/10/11 16:43:51.787997, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.788057, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk, file_id = 803:40433a:0 gen_id = 853 has kernel oplock state of 1. 
[2011/10/11 16:43:51.788117, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003A43 [2011/10/11 16:43:51.788165, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.788207, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.788271, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb3a5, type= 0x3, gen_id = 853, uid = 0, flags = 0, file_id 803:40433a:0, name_hash = 0xb66c4cd3 [2011/10/11 16:43:51.788320, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb66c4cd3 [2011/10/11 16:43:51.788365, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003A43 [2011/10/11 16:43:51.788419, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk = 0 [2011/10/11 16:43:51.788464, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk [2011/10/11 16:43:51.788511, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk (numopen=79) NT_STATUS_OK [2011/10/11 16:43:51.788556, 5] smbd/files.c:464(file_free) freed files structure 18292 (80 used) [2011/10/11 16:43:51.788606, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.788631, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6212 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.788844, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.789237, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.789286, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.789328, 3] smbd/process.c:1661(process_smb) Transaction 8102 of length 45 (0 toread) [2011/10/11 16:43:51.789370, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.789415, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6276 smt_wct=3 smb_vwv[ 0]=18293 (0x4775) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.789676, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.789703, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.789748, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.789791, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.790250, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.790380, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.790427, 3] smbd/reply.c:4850(reply_close) close fd=309 fnum=18293 (numopen=79) [2011/10/11 16:43:51.790469, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.790528, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk, file_id = 803:40433c:0 gen_id = 854 has kernel oplock state of 1. [2011/10/11 16:43:51.790588, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003C43 [2011/10/11 16:43:51.790636, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.790678, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.790742, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb525, type= 0x3, gen_id = 854, uid = 0, flags = 0, file_id 803:40433c:0, name_hash = 0xdd212722 [2011/10/11 16:43:51.790791, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdd212722 [2011/10/11 16:43:51.790836, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003C43 [2011/10/11 16:43:51.790890, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk = 0 [2011/10/11 16:43:51.790935, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (37).lnk [2011/10/11 16:43:51.790982, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk (numopen=78) NT_STATUS_OK [2011/10/11 16:43:51.791027, 5] smbd/files.c:464(file_free) freed files structure 18293 (79 used) [2011/10/11 16:43:51.791077, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.791102, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6276 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.791315, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.791681, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.791731, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.791774, 3] smbd/process.c:1661(process_smb) Transaction 8103 of length 45 (0 toread) [2011/10/11 16:43:51.791833, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.791858, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6340 smt_wct=3 smb_vwv[ 0]=18294 (0x4776) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.792121, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.792148, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.792194, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.792237, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.792677, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.792806, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.792854, 3] smbd/reply.c:4850(reply_close) close fd=310 fnum=18294 (numopen=78) [2011/10/11 16:43:51.792896, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.792955, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk, file_id = 803:40433e:0 gen_id = 855 has kernel oplock state of 1. 
[2011/10/11 16:43:51.793015, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003E43 [2011/10/11 16:43:51.793062, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.793105, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.793168, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb6a5, type= 0x3, gen_id = 855, uid = 0, flags = 0, file_id 803:40433e:0, name_hash = 0xb50acad0 [2011/10/11 16:43:51.793217, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb50acad0 [2011/10/11 16:43:51.793262, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003E43 [2011/10/11 16:43:51.793315, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk = 0 [2011/10/11 16:43:51.793360, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk [2011/10/11 16:43:51.793427, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk (numopen=77) NT_STATUS_OK [2011/10/11 16:43:51.793487, 5] smbd/files.c:464(file_free) freed files structure 18294 (78 used) [2011/10/11 16:43:51.793538, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.793563, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6340 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.793778, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:51.794160, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.794212, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.794254, 3] smbd/process.c:1661(process_smb) Transaction 8104 of length 45 (0 toread) [2011/10/11 16:43:51.794295, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.794320, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6404 smt_wct=3 smb_vwv[ 0]=18301 (0x477D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.794582, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.794609, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.794653, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.794697, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.795136, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.795264, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.795315, 3] smbd/reply.c:4850(reply_close) close fd=317 fnum=18301 (numopen=77) [2011/10/11 16:43:51.795357, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.795417, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk, file_id = 803:404093:0 gen_id = 862 has kernel oplock state of 1. [2011/10/11 16:43:51.795477, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009340 [2011/10/11 16:43:51.795525, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.795567, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.795631, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc125, type= 0x3, gen_id = 862, uid = 0, flags = 0, file_id 803:404093:0, name_hash = 0x9b9fa079 [2011/10/11 16:43:51.795697, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9b9fa079 [2011/10/11 16:43:51.795746, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009340 [2011/10/11 16:43:51.795800, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk = 0 [2011/10/11 16:43:51.795845, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager.lnk [2011/10/11 16:43:51.795892, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk (numopen=76) NT_STATUS_OK [2011/10/11 16:43:51.795937, 5] smbd/files.c:464(file_free) freed files structure 18301 (77 used) [2011/10/11 16:43:51.795983, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.796008, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6404 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.796221, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.796613, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.796663, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.796704, 3] smbd/process.c:1661(process_smb) Transaction 8105 of length 45 (0 toread) [2011/10/11 16:43:51.796746, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.796771, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6468 smt_wct=3 smb_vwv[ 0]=18302 (0x477E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.797031, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.797058, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.797103, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.797146, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 
6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.797606, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.797735, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.797784, 3] smbd/reply.c:4850(reply_close) close fd=318 fnum=18302 (numopen=76) [2011/10/11 16:43:51.797826, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.797884, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk, file_id = 803:404198:0 gen_id = 863 has kernel oplock state of 1. 
[2011/10/11 16:43:51.797960, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009841 [2011/10/11 16:43:51.798009, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.798052, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.798116, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc2a5, type= 0x3, gen_id = 863, uid = 0, flags = 0, file_id 803:404198:0, name_hash = 0x11c1dbe2 [2011/10/11 16:43:51.798165, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x11c1dbe2 [2011/10/11 16:43:51.798210, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009841 [2011/10/11 16:43:51.798264, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk = 0 [2011/10/11 16:43:51.798309, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk [2011/10/11 16:43:51.798356, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk (numopen=75) NT_STATUS_OK [2011/10/11 16:43:51.798401, 5] smbd/files.c:464(file_free) freed files structure 18302 (76 used) [2011/10/11 16:43:51.798447, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.798472, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6468 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.798685, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.799079, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.799130, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.799172, 3] smbd/process.c:1661(process_smb) Transaction 8106 of length 45 (0 toread) [2011/10/11 16:43:51.799214, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.799239, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6532 smt_wct=3 smb_vwv[ 0]=18303 (0x477F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.799501, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.799527, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.799573, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.799617, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.800074, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.800203, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.800252, 3] smbd/reply.c:4850(reply_close) close fd=319 fnum=18303 (numopen=75) [2011/10/11 16:43:51.800294, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.800354, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk, file_id = 803:40423b:0 gen_id = 864 has kernel oplock state of 1. [2011/10/11 16:43:51.800414, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003B42 [2011/10/11 16:43:51.800461, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.800503, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.800567, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc425, type= 0x3, gen_id = 864, uid = 0, flags = 0, file_id 803:40423b:0, name_hash = 0x89c84cf5 [2011/10/11 16:43:51.800616, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x89c84cf5 [2011/10/11 16:43:51.800661, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003B42 [2011/10/11 16:43:51.800715, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk = 0 [2011/10/11 16:43:51.800760, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk [2011/10/11 16:43:51.800806, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk (numopen=74) NT_STATUS_OK [2011/10/11 16:43:51.800851, 5] smbd/files.c:464(file_free) freed files structure 18303 (75 used) [2011/10/11 16:43:51.800897, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.800922, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6532 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.801135, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.801513, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.801564, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.801606, 3] smbd/process.c:1661(process_smb) Transaction 8107 of length 45 (0 toread) [2011/10/11 16:43:51.801648, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.801672, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6596 smt_wct=3 smb_vwv[ 0]=18304 (0x4780) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.801934, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.801960, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.802006, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.802049, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.802509, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.802637, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.802685, 3] smbd/reply.c:4850(reply_close) close fd=320 fnum=18304 (numopen=74) [2011/10/11 16:43:51.802727, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.802787, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk, file_id = 803:7f4001:0 gen_id = 865 has kernel oplock state of 1. 
[2011/10/11 16:43:51.802847, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000140 [2011/10/11 16:43:51.802895, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.802937, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.803001, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc5a5, type= 0x3, gen_id = 865, uid = 0, flags = 0, file_id 803:7f4001:0, name_hash = 0x43e2f1ad [2011/10/11 16:43:51.803050, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x43e2f1ad [2011/10/11 16:43:51.803095, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000140 [2011/10/11 16:43:51.803148, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk = 0 [2011/10/11 16:43:51.803193, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk [2011/10/11 16:43:51.803240, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk (numopen=73) NT_STATUS_OK [2011/10/11 16:43:51.803285, 5] smbd/files.c:464(file_free) freed files structure 18304 (74 used) [2011/10/11 16:43:51.803331, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.803356, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6596 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.803569, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.803927, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.803975, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.804034, 3] smbd/process.c:1661(process_smb) Transaction 8108 of length 45 (0 toread) [2011/10/11 16:43:51.804076, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.804100, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6660 smt_wct=3 smb_vwv[ 0]=18305 (0x4781) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.804362, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.804389, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.804434, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.804477, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.804916, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.805045, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.805093, 3] smbd/reply.c:4850(reply_close) close fd=321 fnum=18305 (numopen=73) [2011/10/11 16:43:51.805135, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.805194, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk, file_id = 803:40423c:0 gen_id = 866 has kernel oplock state of 1. [2011/10/11 16:43:51.805253, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003C42 [2011/10/11 16:43:51.805300, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.805342, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.805428, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc725, type= 0x3, gen_id = 866, uid = 0, flags = 0, file_id 803:40423c:0, name_hash = 0x5d7313b0 [2011/10/11 16:43:51.805477, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5d7313b0 [2011/10/11 16:43:51.805526, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003C42 [2011/10/11 16:43:51.805580, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk = 0 [2011/10/11 16:43:51.805625, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk [2011/10/11 16:43:51.805686, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk (numopen=72) NT_STATUS_OK [2011/10/11 16:43:51.805732, 5] smbd/files.c:464(file_free) freed files structure 18305 (73 used) [2011/10/11 16:43:51.805777, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.805803, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6660 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.806015, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.806400, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.806450, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.806492, 3] smbd/process.c:1661(process_smb) Transaction 8109 of length 45 (0 toread) [2011/10/11 16:43:51.806534, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.806558, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6724 smt_wct=3 smb_vwv[ 0]=18306 (0x4782) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.806820, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.806847, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.806891, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.806935, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.807372, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.807500, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.807547, 3] smbd/reply.c:4850(reply_close) close fd=322 fnum=18306 (numopen=72) [2011/10/11 16:43:51.807589, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.807648, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk, file_id = 803:7f4002:0 gen_id = 867 has kernel oplock state of 1. 
[2011/10/11 16:43:51.807708, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000240 [2011/10/11 16:43:51.807755, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.807797, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.807861, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc8a5, type= 0x3, gen_id = 867, uid = 0, flags = 0, file_id 803:7f4002:0, name_hash = 0xdcc7e4e [2011/10/11 16:43:51.807926, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdcc7e4e [2011/10/11 16:43:51.807972, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000240 [2011/10/11 16:43:51.808026, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk = 0 [2011/10/11 16:43:51.808071, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk [2011/10/11 16:43:51.808119, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk (numopen=71) NT_STATUS_OK [2011/10/11 16:43:51.808164, 5] smbd/files.c:464(file_free) freed files structure 18306 (72 used) [2011/10/11 16:43:51.808211, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.808236, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6724 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.808449, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.808840, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.808890, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.808931, 3] smbd/process.c:1661(process_smb) Transaction 8110 of length 45 (0 toread) [2011/10/11 16:43:51.808973, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.808998, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6788 smt_wct=3 smb_vwv[ 0]=18307 (0x4783) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.809259, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.809286, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.809331, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.809393, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.809837, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.809965, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.810013, 3] smbd/reply.c:4850(reply_close) close fd=323 fnum=18307 (numopen=71) [2011/10/11 16:43:51.810056, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.810130, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk, file_id = 803:40423d:0 gen_id = 868 has kernel oplock state of 1. [2011/10/11 16:43:51.810191, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003D42 [2011/10/11 16:43:51.810238, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.810280, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.810344, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xca25, type= 0x3, gen_id = 868, uid = 0, flags = 0, file_id 803:40423d:0, name_hash = 0x4d5a871 [2011/10/11 16:43:51.810394, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4d5a871 [2011/10/11 16:43:51.810442, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003D42 [2011/10/11 16:43:51.810496, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk = 0 [2011/10/11 16:43:51.810541, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk [2011/10/11 16:43:51.810588, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk (numopen=70) NT_STATUS_OK [2011/10/11 16:43:51.810633, 5] smbd/files.c:464(file_free) freed files structure 18307 (71 used) [2011/10/11 16:43:51.810678, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.810703, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6788 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.810915, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.811312, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.811363, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.811405, 3] smbd/process.c:1661(process_smb) Transaction 8111 of length 45 (0 toread) [2011/10/11 16:43:51.811446, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.811471, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6852 smt_wct=3 smb_vwv[ 0]=18308 (0x4784) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.811732, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.811759, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.811804, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.811847, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.812304, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.812433, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.812481, 3] smbd/reply.c:4850(reply_close) close fd=324 fnum=18308 (numopen=70) [2011/10/11 16:43:51.812523, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.812581, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk, file_id = 803:7fc006:0 gen_id = 869 has kernel oplock state of 1. 
[2011/10/11 16:43:51.812641, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000006C0 [2011/10/11 16:43:51.812689, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.812730, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.812795, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcba5, type= 0x3, gen_id = 869, uid = 0, flags = 0, file_id 803:7fc006:0, name_hash = 0x102d4b9f [2011/10/11 16:43:51.812844, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x102d4b9f [2011/10/11 16:43:51.812888, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000006C0 [2011/10/11 16:43:51.812942, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk = 0 [2011/10/11 16:43:51.812987, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk [2011/10/11 16:43:51.813034, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk (numopen=69) NT_STATUS_OK [2011/10/11 16:43:51.813079, 5] smbd/files.c:464(file_free) freed files structure 18308 (70 used) [2011/10/11 16:43:51.813125, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.813150, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6852 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.813362, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.813752, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.813801, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.813843, 3] smbd/process.c:1661(process_smb) Transaction 8112 of length 45 (0 toread) [2011/10/11 16:43:51.813885, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.813909, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6916 smt_wct=3 smb_vwv[ 0]=18309 (0x4785) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.814170, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.814196, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.814259, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.814303, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.814741, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.814870, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.814919, 3] smbd/reply.c:4850(reply_close) close fd=325 fnum=18309 (numopen=69) [2011/10/11 16:43:51.814961, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.815020, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk, file_id = 803:7fc007:0 gen_id = 870 has kernel oplock state of 1. [2011/10/11 16:43:51.815080, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000007C0 [2011/10/11 16:43:51.815127, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.815169, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.815233, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcd25, type= 0x3, gen_id = 870, uid = 0, flags = 0, file_id 803:7fc007:0, name_hash = 0xf6dae [2011/10/11 16:43:51.815282, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf6dae [2011/10/11 16:43:51.815327, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000007C0 [2011/10/11 16:43:51.815381, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk = 0 [2011/10/11 16:43:51.815425, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk [2011/10/11 16:43:51.815472, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk (numopen=68) NT_STATUS_OK [2011/10/11 16:43:51.815517, 5] smbd/files.c:464(file_free) freed files structure 18309 (69 used) [2011/10/11 16:43:51.815563, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.815588, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6916 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.815800, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.816206, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.816275, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.816317, 3] smbd/process.c:1661(process_smb) Transaction 8113 of length 45 (0 toread) [2011/10/11 16:43:51.816359, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.816383, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6980 smt_wct=3 smb_vwv[ 0]=18310 (0x4786) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.816645, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.816672, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.816717, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.816760, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.817200, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.817329, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.817394, 3] smbd/reply.c:4850(reply_close) close fd=326 fnum=18310 (numopen=68) [2011/10/11 16:43:51.817438, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.817498, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk, file_id = 803:7fc008:0 gen_id = 871 has kernel oplock state of 1. 
[2011/10/11 16:43:51.817558, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000008C0 [2011/10/11 16:43:51.817605, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.817647, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.817711, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcea5, type= 0x3, gen_id = 871, uid = 0, flags = 0, file_id 803:7fc008:0, name_hash = 0x866cf060 [2011/10/11 16:43:51.817761, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x866cf060 [2011/10/11 16:43:51.817806, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000008C0 [2011/10/11 16:43:51.817860, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk = 0 [2011/10/11 16:43:51.817905, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk [2011/10/11 16:43:51.817969, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk (numopen=67) NT_STATUS_OK [2011/10/11 16:43:51.818015, 5] smbd/files.c:464(file_free) freed files structure 18310 (68 used) [2011/10/11 16:43:51.818061, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.818086, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=6980 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.818299, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.818689, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.818741, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.818783, 3] smbd/process.c:1661(process_smb) Transaction 8114 of length 45 (0 toread) [2011/10/11 16:43:51.818825, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.818849, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7044 smt_wct=3 smb_vwv[ 0]=18311 (0x4787) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.819111, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.819139, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.819185, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.819229, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.819670, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.819799, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.819848, 3] smbd/reply.c:4850(reply_close) close fd=327 fnum=18311 (numopen=67) [2011/10/11 16:43:51.819890, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.819950, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk, file_id = 803:404073:0 gen_id = 872 has kernel oplock state of 1. [2011/10/11 16:43:51.820009, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000007340 [2011/10/11 16:43:51.820057, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.820100, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.820181, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd025, type= 0x3, gen_id = 872, uid = 0, flags = 0, file_id 803:404073:0, name_hash = 0x4957277 [2011/10/11 16:43:51.820233, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4957277 [2011/10/11 16:43:51.820278, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000007340 [2011/10/11 16:43:51.820332, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk = 0 [2011/10/11 16:43:51.820378, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk [2011/10/11 16:43:51.820424, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk (numopen=66) NT_STATUS_OK [2011/10/11 16:43:51.820470, 5] smbd/files.c:464(file_free) freed files structure 18311 (67 used) [2011/10/11 16:43:51.820518, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.820543, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7044 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.820755, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.821141, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.821190, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.821232, 3] smbd/process.c:1661(process_smb) Transaction 8115 of length 45 (0 toread) [2011/10/11 16:43:51.821273, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.821298, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7108 smt_wct=3 smb_vwv[ 0]=18312 (0x4788) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.821582, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.821609, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.821654, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.821697, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.822137, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.822267, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.822313, 3] smbd/reply.c:4850(reply_close) close fd=328 fnum=18312 (numopen=66) [2011/10/11 16:43:51.822371, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.822431, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk, file_id = 803:40414e:0 gen_id = 873 has kernel oplock state of 1. 
[2011/10/11 16:43:51.822491, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004E41 [2011/10/11 16:43:51.822538, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.822580, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.822643, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd1a5, type= 0x3, gen_id = 873, uid = 0, flags = 0, file_id 803:40414e:0, name_hash = 0x5c441919 [2011/10/11 16:43:51.822693, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5c441919 [2011/10/11 16:43:51.822737, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004E41 [2011/10/11 16:43:51.822791, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk = 0 [2011/10/11 16:43:51.822837, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk [2011/10/11 16:43:51.822883, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk (numopen=65) NT_STATUS_OK [2011/10/11 16:43:51.822928, 5] smbd/files.c:464(file_free) freed files structure 18312 (66 used) [2011/10/11 16:43:51.822974, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.822999, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7108 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.823211, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.823590, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.823641, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.823683, 3] smbd/process.c:1661(process_smb) Transaction 8116 of length 45 (0 toread) [2011/10/11 16:43:51.823724, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.823749, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7172 smt_wct=3 smb_vwv[ 0]=18313 (0x4789) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.824009, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.824036, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.824081, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.824124, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.824583, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.824711, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.824758, 3] smbd/reply.c:4850(reply_close) close fd=329 fnum=18313 (numopen=65) [2011/10/11 16:43:51.824800, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.824859, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk, file_id = 803:40430b:0 gen_id = 874 has kernel oplock state of 1. [2011/10/11 16:43:51.824920, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000B43 [2011/10/11 16:43:51.824968, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.825011, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.825075, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd325, type= 0x3, gen_id = 874, uid = 0, flags = 0, file_id 803:40430b:0, name_hash = 0xa7d1828b [2011/10/11 16:43:51.825124, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa7d1828b [2011/10/11 16:43:51.825169, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000B43 [2011/10/11 16:43:51.825223, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk = 0 [2011/10/11 16:43:51.825268, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk [2011/10/11 16:43:51.825315, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk (numopen=64) NT_STATUS_OK [2011/10/11 16:43:51.825360, 5] smbd/files.c:464(file_free) freed files structure 18313 (65 used) [2011/10/11 16:43:51.825429, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.825454, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7172 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.825666, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.826031, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.826081, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.826123, 3] smbd/process.c:1661(process_smb) Transaction 8117 of length 45 (0 toread) [2011/10/11 16:43:51.826164, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.826189, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7236 smt_wct=3 smb_vwv[ 0]=18314 (0x478A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.826450, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.826494, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.826540, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.826584, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.827025, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.827154, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.827201, 3] smbd/reply.c:4850(reply_close) close fd=330 fnum=18314 (numopen=64) [2011/10/11 16:43:51.827243, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.827302, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk, file_id = 803:17ec026:0 gen_id = 875 has kernel oplock state of 1. 
[2011/10/11 16:43:51.827362, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000026C0 [2011/10/11 16:43:51.827410, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.827452, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.827516, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd4a5, type= 0x3, gen_id = 875, uid = 0, flags = 0, file_id 803:17ec026:0, name_hash = 0xea1f4d07 [2011/10/11 16:43:51.827566, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xea1f4d07 [2011/10/11 16:43:51.827611, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000026C0 [2011/10/11 16:43:51.827665, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk = 0 [2011/10/11 16:43:51.827711, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk [2011/10/11 16:43:51.827757, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk (numopen=63) NT_STATUS_OK [2011/10/11 16:43:51.827803, 5] smbd/files.c:464(file_free) freed files structure 18314 (64 used) [2011/10/11 16:43:51.827850, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.827875, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7236 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.828103, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.828488, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.828540, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.828582, 3] smbd/process.c:1661(process_smb) Transaction 8118 of length 45 (0 toread) [2011/10/11 16:43:51.828624, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.828649, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7300 smt_wct=3 smb_vwv[ 0]=18315 (0x478B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.828912, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.828939, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.828984, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.829028, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.829491, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.829620, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.829668, 3] smbd/reply.c:4850(reply_close) close fd=331 fnum=18315 (numopen=63) [2011/10/11 16:43:51.829710, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.829769, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk, file_id = 803:17ec027:0 gen_id = 876 has kernel oplock state of 1. [2011/10/11 16:43:51.829829, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000027C0 [2011/10/11 16:43:51.829876, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.829919, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.829983, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd625, type= 0x3, gen_id = 876, uid = 0, flags = 0, file_id 803:17ec027:0, name_hash = 0xae558725 [2011/10/11 16:43:51.830033, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xae558725 [2011/10/11 16:43:51.830082, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000027C0 [2011/10/11 16:43:51.830137, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk = 0 [2011/10/11 16:43:51.830198, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk [2011/10/11 16:43:51.830246, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk (numopen=62) NT_STATUS_OK [2011/10/11 16:43:51.830292, 5] smbd/files.c:464(file_free) freed files structure 18315 (63 used) [2011/10/11 16:43:51.830336, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.830361, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7300 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.830573, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.830972, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.831023, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.831066, 3] smbd/process.c:1661(process_smb) Transaction 8119 of length 45 (0 toread) [2011/10/11 16:43:51.831107, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.831132, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7364 smt_wct=3 smb_vwv[ 0]=18316 (0x478C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.831393, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.831420, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.831465, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.831509, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.831949, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.832078, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.832126, 3] smbd/reply.c:4850(reply_close) close fd=332 fnum=18316 (numopen=62) [2011/10/11 16:43:51.832168, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.832226, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk, file_id = 803:17ec028:0 gen_id = 877 has kernel oplock state of 1. 
[2011/10/11 16:43:51.832285, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000028C0 [2011/10/11 16:43:51.832333, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.832375, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.832457, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd7a5, type= 0x3, gen_id = 877, uid = 0, flags = 0, file_id 803:17ec028:0, name_hash = 0xbb846bdc [2011/10/11 16:43:51.832507, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbb846bdc [2011/10/11 16:43:51.832556, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000028C0 [2011/10/11 16:43:51.832609, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk = 0 [2011/10/11 16:43:51.832655, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk [2011/10/11 16:43:51.832701, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk (numopen=61) NT_STATUS_OK [2011/10/11 16:43:51.832747, 5] smbd/files.c:464(file_free) freed files structure 18316 (62 used) [2011/10/11 16:43:51.832793, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.832818, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7364 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.833029, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.833430, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.833480, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.833522, 3] smbd/process.c:1661(process_smb) Transaction 8120 of length 45 (0 toread) [2011/10/11 16:43:51.833563, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.833588, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7428 smt_wct=3 smb_vwv[ 0]=18317 (0x478D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.833847, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.833874, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.833919, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.833962, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.834400, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.834529, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.834593, 3] smbd/reply.c:4850(reply_close) close fd=333 fnum=18317 (numopen=61) [2011/10/11 16:43:51.834635, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.834695, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk, file_id = 803:17ec029:0 gen_id = 878 has kernel oplock state of 1. [2011/10/11 16:43:51.834755, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000029C0 [2011/10/11 16:43:51.834802, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.834844, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.834908, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd925, type= 0x3, gen_id = 878, uid = 0, flags = 0, file_id 803:17ec029:0, name_hash = 0xe422ada2 [2011/10/11 16:43:51.834957, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe422ada2 [2011/10/11 16:43:51.835001, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000029C0 [2011/10/11 16:43:51.835055, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk = 0 [2011/10/11 16:43:51.835100, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk [2011/10/11 16:43:51.835146, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk (numopen=60) NT_STATUS_OK [2011/10/11 16:43:51.835191, 5] smbd/files.c:464(file_free) freed files structure 18317 (61 used) [2011/10/11 16:43:51.835237, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.835262, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7428 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.835474, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.835850, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.835901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.835943, 3] smbd/process.c:1661(process_smb) Transaction 8121 of length 45 (0 toread) [2011/10/11 16:43:51.835984, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.836009, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7492 smt_wct=3 smb_vwv[ 0]=18318 (0x478E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.836268, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.836295, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.836339, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.836383, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.836837, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.836967, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.837013, 3] smbd/reply.c:4850(reply_close) close fd=334 fnum=18318 (numopen=60) [2011/10/11 16:43:51.837055, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.837114, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk, file_id = 803:17ec02a:0 gen_id = 879 has kernel oplock state of 1. 
[2011/10/11 16:43:51.837174, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002AC0 [2011/10/11 16:43:51.837221, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.837263, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.837327, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdaa5, type= 0x3, gen_id = 879, uid = 0, flags = 0, file_id 803:17ec02a:0, name_hash = 0xaa6b67be [2011/10/11 16:43:51.837396, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaa6b67be [2011/10/11 16:43:51.837443, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002AC0 [2011/10/11 16:43:51.837497, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk = 0 [2011/10/11 16:43:51.837542, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk [2011/10/11 16:43:51.837590, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk (numopen=59) NT_STATUS_OK [2011/10/11 16:43:51.837635, 5] smbd/files.c:464(file_free) freed files structure 18318 (60 used) [2011/10/11 16:43:51.837681, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.837707, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7492 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.837919, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.838266, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.838318, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.838361, 3] smbd/process.c:1661(process_smb) Transaction 8122 of length 45 (0 toread) [2011/10/11 16:43:51.838402, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.838427, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7556 smt_wct=3 smb_vwv[ 0]=18319 (0x478F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.838708, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.838735, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.838781, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.838824, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.839265, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.839394, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.839441, 3] smbd/reply.c:4850(reply_close) close fd=335 fnum=18319 (numopen=59) [2011/10/11 16:43:51.839482, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.839541, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk, file_id = 803:40430d:0 gen_id = 880 has kernel oplock state of 1. [2011/10/11 16:43:51.839601, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000D43 [2011/10/11 16:43:51.839648, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.839691, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.839755, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdc25, type= 0x3, gen_id = 880, uid = 0, flags = 0, file_id 803:40430d:0, name_hash = 0x67fd7be7 [2011/10/11 16:43:51.839803, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x67fd7be7 [2011/10/11 16:43:51.839848, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000D43 [2011/10/11 16:43:51.839902, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk = 0 [2011/10/11 16:43:51.839947, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk [2011/10/11 16:43:51.839994, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk (numopen=58) NT_STATUS_OK [2011/10/11 16:43:51.840039, 5] smbd/files.c:464(file_free) freed files structure 18319 (59 used) [2011/10/11 16:43:51.840085, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.840110, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7556 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.840340, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.840735, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.840786, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.840828, 3] smbd/process.c:1661(process_smb) Transaction 8123 of length 45 (0 toread) [2011/10/11 16:43:51.840870, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.840895, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7620 smt_wct=3 smb_vwv[ 0]=18320 (0x4790) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.841158, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.841184, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.841230, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.841273, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.841736, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.841865, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.841912, 3] smbd/reply.c:4850(reply_close) close fd=336 fnum=18320 (numopen=58) [2011/10/11 16:43:51.841953, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.842012, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk, file_id = 803:40430e:0 gen_id = 881 has kernel oplock state of 1. 
[2011/10/11 16:43:51.842072, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000E43 [2011/10/11 16:43:51.842120, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.842162, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.842225, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdda5, type= 0x3, gen_id = 881, uid = 0, flags = 0, file_id 803:40430e:0, name_hash = 0xc32ea297 [2011/10/11 16:43:51.842275, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc32ea297 [2011/10/11 16:43:51.842320, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000E43 [2011/10/11 16:43:51.842390, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk = 0 [2011/10/11 16:43:51.842437, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk [2011/10/11 16:43:51.842485, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk (numopen=57) NT_STATUS_OK [2011/10/11 16:43:51.842530, 5] smbd/files.c:464(file_free) freed files structure 18320 (58 used) [2011/10/11 16:43:51.842576, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.842602, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7620 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.842816, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.843217, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.843268, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.843311, 3] smbd/process.c:1661(process_smb) Transaction 8124 of length 45 (0 toread) [2011/10/11 16:43:51.843353, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.843377, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7684 smt_wct=3 smb_vwv[ 0]=18321 (0x4791) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.843640, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.843667, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.843712, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.843755, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.844196, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.844325, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.844373, 3] smbd/reply.c:4850(reply_close) close fd=337 fnum=18321 (numopen=57) [2011/10/11 16:43:51.844415, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.844474, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk, file_id = 803:40430f:0 gen_id = 882 has kernel oplock state of 1. [2011/10/11 16:43:51.844533, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000F43 [2011/10/11 16:43:51.844580, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.844640, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.844705, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdf25, type= 0x3, gen_id = 882, uid = 0, flags = 0, file_id 803:40430f:0, name_hash = 0x70108ac4 [2011/10/11 16:43:51.844754, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x70108ac4 [2011/10/11 16:43:51.844799, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000F43 [2011/10/11 16:43:51.844852, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk = 0 [2011/10/11 16:43:51.844897, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk [2011/10/11 16:43:51.844944, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk (numopen=56) NT_STATUS_OK [2011/10/11 16:43:51.844989, 5] smbd/files.c:464(file_free) freed files structure 18321 (57 used) [2011/10/11 16:43:51.845035, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.845061, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7684 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.845273, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.845620, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.845670, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.845712, 3] smbd/process.c:1661(process_smb) Transaction 8125 of length 45 (0 toread) [2011/10/11 16:43:51.845754, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.845779, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7748 smt_wct=3 smb_vwv[ 0]=18322 (0x4792) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.846039, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.846066, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.846111, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.846155, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.846594, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.846740, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.846787, 3] smbd/reply.c:4850(reply_close) close fd=338 fnum=18322 (numopen=56) [2011/10/11 16:43:51.846828, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.846887, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk, file_id = 803:40414f:0 gen_id = 883 has kernel oplock state of 1. 
[2011/10/11 16:43:51.846947, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004F41 [2011/10/11 16:43:51.846994, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.847036, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.847099, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe0a5, type= 0x3, gen_id = 883, uid = 0, flags = 0, file_id 803:40414f:0, name_hash = 0xcb4d0649 [2011/10/11 16:43:51.847149, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcb4d0649 [2011/10/11 16:43:51.847194, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004F41 [2011/10/11 16:43:51.847247, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk = 0 [2011/10/11 16:43:51.847292, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk [2011/10/11 16:43:51.847339, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk (numopen=55) NT_STATUS_OK [2011/10/11 16:43:51.847384, 5] smbd/files.c:464(file_free) freed files structure 18322 (56 used) [2011/10/11 16:43:51.847432, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.847457, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7748 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.847669, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.848059, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.848108, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.848150, 3] smbd/process.c:1661(process_smb) Transaction 8126 of length 45 (0 toread) [2011/10/11 16:43:51.848191, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.848216, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7812 smt_wct=3 smb_vwv[ 0]=18323 (0x4793) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.848477, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.848503, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.848548, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.848592, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.849050, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.849179, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.849225, 3] smbd/reply.c:4850(reply_close) close fd=339 fnum=18323 (numopen=55) [2011/10/11 16:43:51.849267, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.849324, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk, file_id = 803:404150:0 gen_id = 884 has kernel oplock state of 1. [2011/10/11 16:43:51.849402, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005041 [2011/10/11 16:43:51.849451, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.849494, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.849557, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe225, type= 0x3, gen_id = 884, uid = 0, flags = 0, file_id 803:404150:0, name_hash = 0x1600bed3 [2011/10/11 16:43:51.849607, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1600bed3 [2011/10/11 16:43:51.849652, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005041 [2011/10/11 16:43:51.849706, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk = 0 [2011/10/11 16:43:51.849751, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk [2011/10/11 16:43:51.849797, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk (numopen=54) NT_STATUS_OK [2011/10/11 16:43:51.849843, 5] smbd/files.c:464(file_free) freed files structure 18323 (55 used) [2011/10/11 16:43:51.849889, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.849914, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7812 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.850128, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.850539, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.850589, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.850631, 3] smbd/process.c:1661(process_smb) Transaction 8127 of length 45 (0 toread) [2011/10/11 16:43:51.850673, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.850698, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7876 smt_wct=3 smb_vwv[ 0]=18324 (0x4794) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.850980, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.851007, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.851053, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.851096, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.851537, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.851666, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.851713, 3] smbd/reply.c:4850(reply_close) close fd=340 fnum=18324 (numopen=54) [2011/10/11 16:43:51.851755, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.851814, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk, file_id = 803:404151:0 gen_id = 885 has kernel oplock state of 1. 
[2011/10/11 16:43:51.851873, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005141 [2011/10/11 16:43:51.851920, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.851963, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.852026, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe3a5, type= 0x3, gen_id = 885, uid = 0, flags = 0, file_id 803:404151:0, name_hash = 0xda477db6 [2011/10/11 16:43:51.852075, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xda477db6 [2011/10/11 16:43:51.852120, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005141 [2011/10/11 16:43:51.852175, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk = 0 [2011/10/11 16:43:51.852219, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk [2011/10/11 16:43:51.852266, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk (numopen=53) NT_STATUS_OK [2011/10/11 16:43:51.852312, 5] smbd/files.c:464(file_free) freed files structure 18324 (54 used) [2011/10/11 16:43:51.852374, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.852400, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7876 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.852613, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.853007, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.853056, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.853098, 3] smbd/process.c:1661(process_smb) Transaction 8128 of length 45 (0 toread) [2011/10/11 16:43:51.853140, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.853165, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7940 smt_wct=3 smb_vwv[ 0]=18325 (0x4795) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.853447, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.853473, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.853519, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.853562, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.854003, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.854132, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.854178, 3] smbd/reply.c:4850(reply_close) close fd=341 fnum=18325 (numopen=53) [2011/10/11 16:43:51.854220, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.854278, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk, file_id = 803:404193:0 gen_id = 886 has kernel oplock state of 1. [2011/10/11 16:43:51.854337, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009341 [2011/10/11 16:43:51.854384, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.854426, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.854490, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe525, type= 0x3, gen_id = 886, uid = 0, flags = 0, file_id 803:404193:0, name_hash = 0xd6ad59 [2011/10/11 16:43:51.854539, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd6ad59 [2011/10/11 16:43:51.854605, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009341 [2011/10/11 16:43:51.854660, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk = 0 [2011/10/11 16:43:51.854705, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk [2011/10/11 16:43:51.854751, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk (numopen=52) NT_STATUS_OK [2011/10/11 16:43:51.854797, 5] smbd/files.c:464(file_free) freed files structure 18325 (53 used) [2011/10/11 16:43:51.854841, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.854867, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=7940 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.855079, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.855478, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.855528, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.855570, 3] smbd/process.c:1661(process_smb) Transaction 8129 of length 45 (0 toread) [2011/10/11 16:43:51.855611, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.855636, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8004 smt_wct=3 smb_vwv[ 0]=18326 (0x4796) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.855897, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.855924, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.855969, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.856013, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.856452, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.856580, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.856625, 3] smbd/reply.c:4850(reply_close) close fd=342 fnum=18326 (numopen=52) [2011/10/11 16:43:51.856667, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.856725, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk, file_id = 803:404194:0 gen_id = 887 has kernel oplock state of 1. 
[2011/10/11 16:43:51.856801, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009441 [2011/10/11 16:43:51.856850, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.856892, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.856955, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe6a5, type= 0x3, gen_id = 887, uid = 0, flags = 0, file_id 803:404194:0, name_hash = 0xb20659e5 [2011/10/11 16:43:51.857005, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb20659e5 [2011/10/11 16:43:51.857049, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009441 [2011/10/11 16:43:51.857102, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk = 0 [2011/10/11 16:43:51.857147, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk [2011/10/11 16:43:51.857194, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk (numopen=51) NT_STATUS_OK [2011/10/11 16:43:51.857239, 5] smbd/files.c:464(file_free) freed files structure 18326 (52 used) [2011/10/11 16:43:51.857286, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.857311, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8004 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.857544, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.857943, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.857992, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.858034, 3] smbd/process.c:1661(process_smb) Transaction 8130 of length 45 (0 toread) [2011/10/11 16:43:51.858076, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.858100, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8068 smt_wct=3 smb_vwv[ 0]=18327 (0x4797) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.858361, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.858387, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.858432, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.858476, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.858913, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.859060, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.859108, 3] smbd/reply.c:4850(reply_close) close fd=343 fnum=18327 (numopen=51) [2011/10/11 16:43:51.859151, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.859209, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk, file_id = 803:404195:0 gen_id = 888 has kernel oplock state of 1. [2011/10/11 16:43:51.859269, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009541 [2011/10/11 16:43:51.859317, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.859359, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.859423, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe825, type= 0x3, gen_id = 888, uid = 0, flags = 0, file_id 803:404195:0, name_hash = 0x637f42d4 [2011/10/11 16:43:51.859472, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x637f42d4 [2011/10/11 16:43:51.859517, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009541 [2011/10/11 16:43:51.859571, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk = 0 [2011/10/11 16:43:51.859616, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk [2011/10/11 16:43:51.859663, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk (numopen=50) NT_STATUS_OK [2011/10/11 16:43:51.859709, 5] smbd/files.c:464(file_free) freed files structure 18327 (51 used) [2011/10/11 16:43:51.859754, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.859779, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8068 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.859992, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.860377, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.860426, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.860468, 3] smbd/process.c:1661(process_smb) Transaction 8131 of length 45 (0 toread) [2011/10/11 16:43:51.860509, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.860534, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8132 smt_wct=3 smb_vwv[ 0]=18328 (0x4798) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.860795, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.860822, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.860867, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.860910, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.861367, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.861516, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.861564, 3] smbd/reply.c:4850(reply_close) close fd=344 fnum=18328 (numopen=50) [2011/10/11 16:43:51.861606, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.861664, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk, file_id = 803:404196:0 gen_id = 889 has kernel oplock state of 1. 
[2011/10/11 16:43:51.861726, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009641 [2011/10/11 16:43:51.861773, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.861815, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.861879, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe9a5, type= 0x3, gen_id = 889, uid = 0, flags = 0, file_id 803:404196:0, name_hash = 0x870d6369 [2011/10/11 16:43:51.861928, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x870d6369 [2011/10/11 16:43:51.861974, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009641 [2011/10/11 16:43:51.862028, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk = 0 [2011/10/11 16:43:51.862073, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk [2011/10/11 16:43:51.862120, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk (numopen=49) NT_STATUS_OK [2011/10/11 16:43:51.862165, 5] smbd/files.c:464(file_free) freed files structure 18328 (50 used) [2011/10/11 16:43:51.862211, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.862236, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8132 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.862449, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.862848, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.862899, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.862942, 3] smbd/process.c:1661(process_smb) Transaction 8132 of length 45 (0 toread) [2011/10/11 16:43:51.862984, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.863025, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8196 smt_wct=3 smb_vwv[ 0]=18329 (0x4799) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.863288, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.863314, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.863360, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.863403, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.863842, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.863969, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.864016, 3] smbd/reply.c:4850(reply_close) close fd=345 fnum=18329 (numopen=49) [2011/10/11 16:43:51.864058, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.864118, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk, file_id = 803:404091:0 gen_id = 890 has kernel oplock state of 1. [2011/10/11 16:43:51.864178, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009140 [2011/10/11 16:43:51.864225, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.864267, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:54:23 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.864330, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xeb25, type= 0x3, gen_id = 890, uid = 0, flags = 0, file_id 803:404091:0, name_hash = 0x4f91c64 [2011/10/11 16:43:51.864380, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4f91c64 [2011/10/11 16:43:51.864424, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009140 [2011/10/11 16:43:51.864478, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk = 0 [2011/10/11 16:43:51.864523, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk [2011/10/11 16:43:51.864571, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk (numopen=48) NT_STATUS_OK [2011/10/11 16:43:51.864630, 5] smbd/files.c:464(file_free) freed files structure 18329 (49 used) [2011/10/11 16:43:51.864676, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.864701, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8196 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.864913, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.865298, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.865347, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.865410, 3] smbd/process.c:1661(process_smb) Transaction 8133 of length 45 (0 toread) [2011/10/11 16:43:51.865452, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.865476, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8260 smt_wct=3 smb_vwv[ 0]=18330 (0x479A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.865737, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.865764, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.865809, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.865852, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.866292, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.866420, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.866467, 3] smbd/reply.c:4850(reply_close) close fd=346 fnum=18330 (numopen=48) [2011/10/11 16:43:51.866510, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.866568, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk, file_id = 803:404246:0 gen_id = 891 has kernel oplock state of 1. 
[2011/10/11 16:43:51.866628, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004642 [2011/10/11 16:43:51.866675, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.866718, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.866781, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xeca5, type= 0x3, gen_id = 891, uid = 0, flags = 0, file_id 803:404246:0, name_hash = 0xda94ec4b [2011/10/11 16:43:51.866830, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xda94ec4b [2011/10/11 16:43:51.866893, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004642 [2011/10/11 16:43:51.866947, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk = 0 [2011/10/11 16:43:51.866992, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk [2011/10/11 16:43:51.867039, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk (numopen=47) NT_STATUS_OK [2011/10/11 16:43:51.867087, 5] smbd/files.c:464(file_free) freed files structure 18330 (48 used) [2011/10/11 16:43:51.867132, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.867157, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8260 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.867370, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.867748, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.867799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.867841, 3] smbd/process.c:1661(process_smb) Transaction 8134 of length 45 (0 toread) [2011/10/11 16:43:51.867882, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.867907, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8324 smt_wct=3 smb_vwv[ 0]=18331 (0x479B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.868169, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.868195, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.868241, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.868284, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.868724, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.868853, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.868900, 3] smbd/reply.c:4850(reply_close) close fd=347 fnum=18331 (numopen=47) [2011/10/11 16:43:51.868942, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.869000, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk, file_id = 803:404248:0 gen_id = 892 has kernel oplock state of 1. [2011/10/11 16:43:51.869077, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004842 [2011/10/11 16:43:51.869126, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.869168, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.869232, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xee25, type= 0x3, gen_id = 892, uid = 0, flags = 0, file_id 803:404248:0, name_hash = 0x3d226c78 [2011/10/11 16:43:51.869281, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d226c78 [2011/10/11 16:43:51.869326, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004842 [2011/10/11 16:43:51.869399, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk = 0 [2011/10/11 16:43:51.869445, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk [2011/10/11 16:43:51.869493, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk (numopen=46) NT_STATUS_OK [2011/10/11 16:43:51.869538, 5] smbd/files.c:464(file_free) freed files structure 18331 (47 used) [2011/10/11 16:43:51.869584, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.869609, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8324 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.869821, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.870181, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.870230, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.870272, 3] smbd/process.c:1661(process_smb) Transaction 8135 of length 45 (0 toread) [2011/10/11 16:43:51.870314, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.870339, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8388 smt_wct=3 smb_vwv[ 0]=18332 (0x479C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.870600, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.870626, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.870672, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.870715, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.871173, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.871302, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.871348, 3] smbd/reply.c:4850(reply_close) close fd=348 fnum=18332 (numopen=46) [2011/10/11 16:43:51.871389, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.871449, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk, file_id = 803:7fc00e:0 gen_id = 893 has kernel oplock state of 1. 
[2011/10/11 16:43:51.871509, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000EC0 [2011/10/11 16:43:51.871556, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.871598, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.871661, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xefa5, type= 0x3, gen_id = 893, uid = 0, flags = 0, file_id 803:7fc00e:0, name_hash = 0x40bbbb11 [2011/10/11 16:43:51.871711, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x40bbbb11 [2011/10/11 16:43:51.871756, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000EC0 [2011/10/11 16:43:51.871810, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk = 0 [2011/10/11 16:43:51.871855, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk [2011/10/11 16:43:51.871902, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk (numopen=45) NT_STATUS_OK [2011/10/11 16:43:51.871947, 5] smbd/files.c:464(file_free) freed files structure 18332 (46 used) [2011/10/11 16:43:51.871992, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.872018, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8388 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.872230, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.872618, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.872667, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.872709, 3] smbd/process.c:1661(process_smb) Transaction 8136 of length 45 (0 toread) [2011/10/11 16:43:51.872751, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.872775, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8452 smt_wct=3 smb_vwv[ 0]=18333 (0x479D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.873035, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.873062, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.873107, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.873150, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.873628, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.873757, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.873803, 3] smbd/reply.c:4850(reply_close) close fd=349 fnum=18333 (numopen=45) [2011/10/11 16:43:51.873844, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.873903, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk, file_id = 803:40424a:0 gen_id = 894 has kernel oplock state of 1. [2011/10/11 16:43:51.873962, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004A42 [2011/10/11 16:43:51.874010, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.874051, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.874115, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf125, type= 0x3, gen_id = 894, uid = 0, flags = 0, file_id 803:40424a:0, name_hash = 0xfff71e78 [2011/10/11 16:43:51.874164, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfff71e78 [2011/10/11 16:43:51.874209, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004A42 [2011/10/11 16:43:51.874263, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk = 0 [2011/10/11 16:43:51.874307, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk [2011/10/11 16:43:51.874354, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk (numopen=44) NT_STATUS_OK [2011/10/11 16:43:51.874400, 5] smbd/files.c:464(file_free) freed files structure 18333 (45 used) [2011/10/11 16:43:51.874445, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.874470, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8452 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.874684, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.875075, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.875126, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.875168, 3] smbd/process.c:1661(process_smb) Transaction 8137 of length 45 (0 toread) [2011/10/11 16:43:51.875228, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.875253, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8516 smt_wct=3 smb_vwv[ 0]=18334 (0x479E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.875513, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.875540, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.875586, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.875629, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.876068, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.876197, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.876245, 3] smbd/reply.c:4850(reply_close) close fd=350 fnum=18334 (numopen=44) [2011/10/11 16:43:51.876287, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.876345, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk, file_id = 803:7fc010:0 gen_id = 895 has kernel oplock state of 1. 
[2011/10/11 16:43:51.876404, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000010C0 [2011/10/11 16:43:51.876451, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.876494, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.876558, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf2a5, type= 0x3, gen_id = 895, uid = 0, flags = 0, file_id 803:7fc010:0, name_hash = 0xf676605e [2011/10/11 16:43:51.876607, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf676605e [2011/10/11 16:43:51.876656, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000010C0 [2011/10/11 16:43:51.876710, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk = 0 [2011/10/11 16:43:51.876755, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk [2011/10/11 16:43:51.876802, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk (numopen=43) NT_STATUS_OK [2011/10/11 16:43:51.876864, 5] smbd/files.c:464(file_free) freed files structure 18334 (44 used) [2011/10/11 16:43:51.876911, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.876936, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8516 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.877148, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.877518, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:51.877570, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:51.877611, 3] smbd/process.c:1661(process_smb) Transaction 8138 of length 45 (0 toread) [2011/10/11 16:43:51.877653, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.877678, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8580 smt_wct=3 smb_vwv[ 0]=18335 (0x479F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:51.877939, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:51.877965, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:51.878011, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:51.878054, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:51.878494, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:51.878623, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:51.878671, 3] smbd/reply.c:4850(reply_close) close fd=351 fnum=18335 (numopen=43) [2011/10/11 16:43:51.878713, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:51.878772, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk, file_id = 803:40424c:0 gen_id = 896 has kernel oplock state of 1. [2011/10/11 16:43:51.878834, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004C42 [2011/10/11 16:43:51.878881, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:51.878923, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:51.878987, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf425, type= 0x3, gen_id = 896, uid = 0, flags = 0, file_id 803:40424c:0, name_hash = 0xaf6c0ea7 [2011/10/11 16:43:51.879054, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaf6c0ea7 [2011/10/11 16:43:51.879100, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004C42 [2011/10/11 16:43:51.879154, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk = 0 [2011/10/11 16:43:51.879199, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk [2011/10/11 16:43:51.879246, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk (numopen=42) NT_STATUS_OK [2011/10/11 16:43:51.879291, 5] smbd/files.c:464(file_free) freed files structure 18335 (43 used) [2011/10/11 16:43:51.879338, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:51.879362, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8580 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:51.879574, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.688480, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.688618, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.688662, 3] smbd/process.c:1661(process_smb) Transaction 8139 of length 45 (0 toread) [2011/10/11 16:43:57.688704, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.688729, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8644 smt_wct=3 smb_vwv[ 0]=18336 (0x47A0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.688991, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.689020, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.689070, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.689115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.689576, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.689712, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.689763, 3] smbd/reply.c:4850(reply_close) close fd=352 fnum=18336 (numopen=42) [2011/10/11 16:43:57.689806, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.689874, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk, file_id = 803:7fc012:0 gen_id = 897 has kernel oplock state of 1. 
[2011/10/11 16:43:57.689973, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000012C0 [2011/10/11 16:43:57.690029, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.690071, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.690139, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf5a5, type= 0x3, gen_id = 897, uid = 0, flags = 0, file_id 803:7fc012:0, name_hash = 0x52027246 [2011/10/11 16:43:57.690191, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x52027246 [2011/10/11 16:43:57.690238, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000012C0 [2011/10/11 16:43:57.690294, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk = 0 [2011/10/11 16:43:57.690340, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk [2011/10/11 16:43:57.690389, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk (numopen=41) NT_STATUS_OK [2011/10/11 16:43:57.690436, 5] smbd/files.c:464(file_free) freed files structure 18336 (42 used) [2011/10/11 16:43:57.690485, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.690510, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8644 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.690722, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.691148, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.691199, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.691242, 3] smbd/process.c:1661(process_smb) Transaction 8140 of length 45 (0 toread) [2011/10/11 16:43:57.691284, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.691308, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8708 smt_wct=3 smb_vwv[ 0]=18337 (0x47A1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.691568, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.691595, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.691640, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.691684, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.692142, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.692272, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.692318, 3] smbd/reply.c:4850(reply_close) close fd=353 fnum=18337 (numopen=41) [2011/10/11 16:43:57.692360, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.692420, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk, file_id = 803:40424e:0 gen_id = 898 has kernel oplock state of 1. [2011/10/11 16:43:57.692480, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004E42 [2011/10/11 16:43:57.692527, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.692569, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.692633, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf725, type= 0x3, gen_id = 898, uid = 0, flags = 0, file_id 803:40424e:0, name_hash = 0xfe77b478 [2011/10/11 16:43:57.692682, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfe77b478 [2011/10/11 16:43:57.692727, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004E42 [2011/10/11 16:43:57.692781, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk = 0 [2011/10/11 16:43:57.692825, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk [2011/10/11 16:43:57.692872, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk (numopen=40) NT_STATUS_OK [2011/10/11 16:43:57.692917, 5] smbd/files.c:464(file_free) freed files structure 18337 (41 used) [2011/10/11 16:43:57.692963, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.692988, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8708 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.693199, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.693613, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.693666, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.693708, 3] smbd/process.c:1661(process_smb) Transaction 8141 of length 45 (0 toread) [2011/10/11 16:43:57.693750, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.693774, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8772 smt_wct=3 smb_vwv[ 0]=18338 (0x47A2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.694034, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.694061, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.694106, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.694168, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.694610, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.694740, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.694788, 3] smbd/reply.c:4850(reply_close) close fd=354 fnum=18338 (numopen=40) [2011/10/11 16:43:57.694829, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.694890, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk, file_id = 803:404311:0 gen_id = 899 has kernel oplock state of 1. 
[2011/10/11 16:43:57.694950, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001143 [2011/10/11 16:43:57.694998, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.695040, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.695105, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf8a5, type= 0x3, gen_id = 899, uid = 0, flags = 0, file_id 803:404311:0, name_hash = 0xba365da5 [2011/10/11 16:43:57.695154, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xba365da5 [2011/10/11 16:43:57.695199, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001143 [2011/10/11 16:43:57.695253, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk = 0 [2011/10/11 16:43:57.695298, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk [2011/10/11 16:43:57.695345, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk (numopen=39) NT_STATUS_OK [2011/10/11 16:43:57.695390, 5] smbd/files.c:464(file_free) freed files structure 18338 (40 used) [2011/10/11 16:43:57.695437, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.695462, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8772 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.695674, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.696108, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.696157, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.696215, 3] smbd/process.c:1661(process_smb) Transaction 8142 of length 45 (0 toread) [2011/10/11 16:43:57.696257, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.696281, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8836 smt_wct=3 smb_vwv[ 0]=18339 (0x47A3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.696542, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.696568, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.696613, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.696656, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.697093, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.697222, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.697269, 3] smbd/reply.c:4850(reply_close) close fd=355 fnum=18339 (numopen=39) [2011/10/11 16:43:57.697311, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.697369, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk, file_id = 803:404313:0 gen_id = 900 has kernel oplock state of 1. [2011/10/11 16:43:57.697450, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001343 [2011/10/11 16:43:57.697497, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.697539, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.697602, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfa25, type= 0x3, gen_id = 900, uid = 0, flags = 0, file_id 803:404313:0, name_hash = 0xd0f2ea00 [2011/10/11 16:43:57.697652, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd0f2ea00 [2011/10/11 16:43:57.697696, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001343 [2011/10/11 16:43:57.697750, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk = 0 [2011/10/11 16:43:57.697794, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk [2011/10/11 16:43:57.697856, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk (numopen=38) NT_STATUS_OK [2011/10/11 16:43:57.697902, 5] smbd/files.c:464(file_free) freed files structure 18339 (39 used) [2011/10/11 16:43:57.697949, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.697974, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8836 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.698184, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.698581, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.698632, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.698674, 3] smbd/process.c:1661(process_smb) Transaction 8143 of length 45 (0 toread) [2011/10/11 16:43:57.698715, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.698740, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8900 smt_wct=3 smb_vwv[ 0]=18340 (0x47A4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.699000, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.699027, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.699072, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.699115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.699554, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.699682, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.699729, 3] smbd/reply.c:4850(reply_close) close fd=356 fnum=18340 (numopen=38) [2011/10/11 16:43:57.699771, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.699830, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk, file_id = 803:7fc002:0 gen_id = 901 has kernel oplock state of 1. 
[2011/10/11 16:43:57.699889, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000002C0 [2011/10/11 16:43:57.699936, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.699978, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.700042, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfba5, type= 0x3, gen_id = 901, uid = 0, flags = 0, file_id 803:7fc002:0, name_hash = 0x27ba6a31 [2011/10/11 16:43:57.700108, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x27ba6a31 [2011/10/11 16:43:57.700154, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000002C0 [2011/10/11 16:43:57.700208, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk = 0 [2011/10/11 16:43:57.700253, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk [2011/10/11 16:43:57.700299, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk (numopen=37) NT_STATUS_OK [2011/10/11 16:43:57.700344, 5] smbd/files.c:464(file_free) freed files structure 18340 (38 used) [2011/10/11 16:43:57.700389, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.700414, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8900 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.700626, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.701031, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.701080, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.701122, 3] smbd/process.c:1661(process_smb) Transaction 8144 of length 45 (0 toread) [2011/10/11 16:43:57.701163, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.701188, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8964 smt_wct=3 smb_vwv[ 0]=18341 (0x47A5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.701468, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.701495, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.701540, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.701583, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.702020, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.702148, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.702195, 3] smbd/reply.c:4850(reply_close) close fd=357 fnum=18341 (numopen=37) [2011/10/11 16:43:57.702237, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.702309, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk, file_id = 803:404315:0 gen_id = 902 has kernel oplock state of 1. [2011/10/11 16:43:57.702369, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001543 [2011/10/11 16:43:57.702417, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.702458, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.702522, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfd25, type= 0x3, gen_id = 902, uid = 0, flags = 0, file_id 803:404315:0, name_hash = 0x289830fa [2011/10/11 16:43:57.702570, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x289830fa [2011/10/11 16:43:57.702615, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001543 [2011/10/11 16:43:57.702669, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk = 0 [2011/10/11 16:43:57.702714, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk [2011/10/11 16:43:57.702760, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk (numopen=36) NT_STATUS_OK [2011/10/11 16:43:57.702805, 5] smbd/files.c:464(file_free) freed files structure 18341 (37 used) [2011/10/11 16:43:57.702850, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.702875, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=8964 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.703087, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.703484, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.703534, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.703576, 3] smbd/process.c:1661(process_smb) Transaction 8145 of length 45 (0 toread) [2011/10/11 16:43:57.703618, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.703643, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9028 smt_wct=3 smb_vwv[ 0]=18342 (0x47A6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.703903, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.703930, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.703976, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.704019, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.704475, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.704603, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.704650, 3] smbd/reply.c:4850(reply_close) close fd=358 fnum=18342 (numopen=36) [2011/10/11 16:43:57.704692, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.704750, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk, file_id = 803:404317:0 gen_id = 903 has kernel oplock state of 1. 
[2011/10/11 16:43:57.704810, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001743 [2011/10/11 16:43:57.704857, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.704898, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.704962, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfea5, type= 0x3, gen_id = 903, uid = 0, flags = 0, file_id 803:404317:0, name_hash = 0x215b619a [2011/10/11 16:43:57.705010, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x215b619a [2011/10/11 16:43:57.705055, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001743 [2011/10/11 16:43:57.705108, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk = 0 [2011/10/11 16:43:57.705153, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk [2011/10/11 16:43:57.705200, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk (numopen=35) NT_STATUS_OK [2011/10/11 16:43:57.705244, 5] smbd/files.c:464(file_free) freed files structure 18342 (36 used) [2011/10/11 16:43:57.705290, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.705315, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9028 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.705547, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.705965, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.706015, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.706057, 3] smbd/process.c:1661(process_smb) Transaction 8146 of length 45 (0 toread) [2011/10/11 16:43:57.706099, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.706123, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9092 smt_wct=3 smb_vwv[ 0]=18343 (0x47A7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.706382, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.706409, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.706469, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.706514, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.706952, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.707080, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.707127, 3] smbd/reply.c:4850(reply_close) close fd=359 fnum=18343 (numopen=35) [2011/10/11 16:43:57.707169, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.707228, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk, file_id = 803:404319:0 gen_id = 904 has kernel oplock state of 1. [2011/10/11 16:43:57.707287, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001943 [2011/10/11 16:43:57.707334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.707376, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.707440, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x25, type= 0x3, gen_id = 904, uid = 0, flags = 0, file_id 803:404319:0, name_hash = 0x7fc6add3 [2011/10/11 16:43:57.707489, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7fc6add3 [2011/10/11 16:43:57.707543, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001943 [2011/10/11 16:43:57.707596, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk = 0 [2011/10/11 16:43:57.707641, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk [2011/10/11 16:43:57.707688, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk (numopen=34) NT_STATUS_OK [2011/10/11 16:43:57.707732, 5] smbd/files.c:464(file_free) freed files structure 18343 (35 used) [2011/10/11 16:43:57.707778, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.707803, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9092 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.708015, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.708411, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.708476, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.708518, 3] smbd/process.c:1661(process_smb) Transaction 8147 of length 45 (0 toread) [2011/10/11 16:43:57.708560, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.708584, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9156 smt_wct=3 smb_vwv[ 0]=18344 (0x47A8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.708845, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.708871, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.708916, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.708959, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.709420, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.709550, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.709597, 3] smbd/reply.c:4850(reply_close) close fd=360 fnum=18344 (numopen=34) [2011/10/11 16:43:57.709639, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.709697, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk, file_id = 803:40431b:0 gen_id = 905 has kernel oplock state of 1. 
[2011/10/11 16:43:57.709757, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000001B43 [2011/10/11 16:43:57.709805, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.709846, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.709910, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1a5, type= 0x3, gen_id = 905, uid = 0, flags = 0, file_id 803:40431b:0, name_hash = 0xc1c70b34 [2011/10/11 16:43:57.709958, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc1c70b34 [2011/10/11 16:43:57.710003, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000001B43 [2011/10/11 16:43:57.710057, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk = 0 [2011/10/11 16:43:57.710101, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk [2011/10/11 16:43:57.710162, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk (numopen=33) NT_STATUS_OK [2011/10/11 16:43:57.710208, 5] smbd/files.c:464(file_free) freed files structure 18344 (34 used) [2011/10/11 16:43:57.710255, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.710280, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9156 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.710493, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.710898, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.710949, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.710991, 3] smbd/process.c:1661(process_smb) Transaction 8148 of length 45 (0 toread) [2011/10/11 16:43:57.711033, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.711057, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9220 smt_wct=3 smb_vwv[ 0]=18345 (0x47A9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.711319, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.711345, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.711391, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.711434, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.711877, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.712006, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.712051, 3] smbd/reply.c:4850(reply_close) close fd=361 fnum=18345 (numopen=33) [2011/10/11 16:43:57.712093, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.712151, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk, file_id = 803:404322:0 gen_id = 906 has kernel oplock state of 1. [2011/10/11 16:43:57.712210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002243 [2011/10/11 16:43:57.712258, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.712299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.712363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x325, type= 0x3, gen_id = 906, uid = 0, flags = 0, file_id 803:404322:0, name_hash = 0x2920e50d [2011/10/11 16:43:57.712429, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2920e50d [2011/10/11 16:43:57.712474, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002243 [2011/10/11 16:43:57.712527, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk = 0 [2011/10/11 16:43:57.712572, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk [2011/10/11 16:43:57.712618, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk (numopen=32) NT_STATUS_OK [2011/10/11 16:43:57.712663, 5] smbd/files.c:464(file_free) freed files structure 18345 (33 used) [2011/10/11 16:43:57.712707, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.712732, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9220 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.712944, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.713351, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.713419, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.713461, 3] smbd/process.c:1661(process_smb) Transaction 8149 of length 45 (0 toread) [2011/10/11 16:43:57.713503, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.713527, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9284 smt_wct=3 smb_vwv[ 0]=18346 (0x47AA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.713787, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.713814, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.713858, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.713902, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.714341, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.714469, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.714513, 3] smbd/reply.c:4850(reply_close) close fd=362 fnum=18346 (numopen=32) [2011/10/11 16:43:57.714571, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.714629, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk, file_id = 803:404324:0 gen_id = 907 has kernel oplock state of 1. 
[2011/10/11 16:43:57.714689, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002443 [2011/10/11 16:43:57.714736, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.714778, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.714841, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x4a5, type= 0x3, gen_id = 907, uid = 0, flags = 0, file_id 803:404324:0, name_hash = 0x4c50dd80 [2011/10/11 16:43:57.714889, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4c50dd80 [2011/10/11 16:43:57.714934, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002443 [2011/10/11 16:43:57.714988, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk = 0 [2011/10/11 16:43:57.715033, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk [2011/10/11 16:43:57.715079, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk (numopen=31) NT_STATUS_OK [2011/10/11 16:43:57.715124, 5] smbd/files.c:464(file_free) freed files structure 18346 (32 used) [2011/10/11 16:43:57.715170, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.715195, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9284 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.715407, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.715801, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.715851, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.715893, 3] smbd/process.c:1661(process_smb) Transaction 8150 of length 45 (0 toread) [2011/10/11 16:43:57.715935, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.715959, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9348 smt_wct=3 smb_vwv[ 0]=18347 (0x47AB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.716220, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.716247, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.716292, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.716335, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.716793, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.716921, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.716966, 3] smbd/reply.c:4850(reply_close) close fd=363 fnum=18347 (numopen=31) [2011/10/11 16:43:57.717008, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.717066, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk, file_id = 803:404326:0 gen_id = 908 has kernel oplock state of 1. [2011/10/11 16:43:57.717125, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002643 [2011/10/11 16:43:57.717172, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.717214, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.717277, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x625, type= 0x3, gen_id = 908, uid = 0, flags = 0, file_id 803:404326:0, name_hash = 0xd2ec17ce [2011/10/11 16:43:57.717327, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd2ec17ce [2011/10/11 16:43:57.717371, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002643 [2011/10/11 16:43:57.717445, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk = 0 [2011/10/11 16:43:57.717490, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk [2011/10/11 16:43:57.717536, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk (numopen=30) NT_STATUS_OK [2011/10/11 16:43:57.717581, 5] smbd/files.c:464(file_free) freed files structure 18347 (31 used) [2011/10/11 16:43:57.717628, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.717652, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9348 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.717865, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.718257, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.718307, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.718349, 3] smbd/process.c:1661(process_smb) Transaction 8151 of length 45 (0 toread) [2011/10/11 16:43:57.718391, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.718416, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9412 smt_wct=3 smb_vwv[ 0]=18348 (0x47AC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.718677, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.718704, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.718766, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.718809, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.719250, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.719379, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.719424, 3] smbd/reply.c:4850(reply_close) close fd=364 fnum=18348 (numopen=30) [2011/10/11 16:43:57.719465, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.719524, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk, file_id = 803:404328:0 gen_id = 909 has kernel oplock state of 1. 
[2011/10/11 16:43:57.719583, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002843 [2011/10/11 16:43:57.719630, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.719672, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.719736, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x7a5, type= 0x3, gen_id = 909, uid = 0, flags = 0, file_id 803:404328:0, name_hash = 0xb80a4497 [2011/10/11 16:43:57.719786, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb80a4497 [2011/10/11 16:43:57.719830, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002843 [2011/10/11 16:43:57.719884, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk = 0 [2011/10/11 16:43:57.719929, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk [2011/10/11 16:43:57.719975, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk (numopen=29) NT_STATUS_OK [2011/10/11 16:43:57.720020, 5] smbd/files.c:464(file_free) freed files structure 18348 (30 used) [2011/10/11 16:43:57.720065, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.720091, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9412 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.720304, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.720704, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.720754, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.720796, 3] smbd/process.c:1661(process_smb) Transaction 8152 of length 45 (0 toread) [2011/10/11 16:43:57.720837, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.720862, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9476 smt_wct=3 smb_vwv[ 0]=18349 (0x47AD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.721122, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.721148, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.721193, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.721236, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.721695, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.721823, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.721868, 3] smbd/reply.c:4850(reply_close) close fd=365 fnum=18349 (numopen=29) [2011/10/11 16:43:57.721909, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.721968, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk, file_id = 803:40432a:0 gen_id = 910 has kernel oplock state of 1. [2011/10/11 16:43:57.722027, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002A43 [2011/10/11 16:43:57.722074, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.722116, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.722179, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x925, type= 0x3, gen_id = 910, uid = 0, flags = 0, file_id 803:40432a:0, name_hash = 0x59fd0893 [2011/10/11 16:43:57.722228, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x59fd0893 [2011/10/11 16:43:57.722273, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002A43 [2011/10/11 16:43:57.722327, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk = 0 [2011/10/11 16:43:57.722387, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk [2011/10/11 16:43:57.722434, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk (numopen=28) NT_STATUS_OK [2011/10/11 16:43:57.722479, 5] smbd/files.c:464(file_free) freed files structure 18349 (29 used) [2011/10/11 16:43:57.722527, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.722552, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9476 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.722764, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.723165, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.723216, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.723258, 3] smbd/process.c:1661(process_smb) Transaction 8153 of length 45 (0 toread) [2011/10/11 16:43:57.723299, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.723324, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9540 smt_wct=3 smb_vwv[ 0]=18350 (0x47AE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.723584, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.723611, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.723656, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.723699, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.724137, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.724266, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.724313, 3] smbd/reply.c:4850(reply_close) close fd=366 fnum=18350 (numopen=28) [2011/10/11 16:43:57.724354, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.724412, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk, file_id = 803:40432c:0 gen_id = 911 has kernel oplock state of 1. 
[2011/10/11 16:43:57.724471, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002C43 [2011/10/11 16:43:57.724518, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.724560, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.724638, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaa5, type= 0x3, gen_id = 911, uid = 0, flags = 0, file_id 803:40432c:0, name_hash = 0x532fd912 [2011/10/11 16:43:57.724688, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x532fd912 [2011/10/11 16:43:57.724733, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002C43 [2011/10/11 16:43:57.724787, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk = 0 [2011/10/11 16:43:57.724831, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk [2011/10/11 16:43:57.724878, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk (numopen=27) NT_STATUS_OK [2011/10/11 16:43:57.724923, 5] smbd/files.c:464(file_free) freed files structure 18350 (28 used) [2011/10/11 16:43:57.724969, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.724994, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9540 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.725205, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.725602, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.725652, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.725694, 3] smbd/process.c:1661(process_smb) Transaction 8154 of length 45 (0 toread) [2011/10/11 16:43:57.725735, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.725760, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9604 smt_wct=3 smb_vwv[ 0]=18351 (0x47AF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.726019, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.726046, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.726091, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.726134, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.726572, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.726701, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.726761, 3] smbd/reply.c:4850(reply_close) close fd=367 fnum=18351 (numopen=27) [2011/10/11 16:43:57.726804, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.726862, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk, file_id = 803:40423f:0 gen_id = 912 has kernel oplock state of 1. [2011/10/11 16:43:57.726921, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003F42 [2011/10/11 16:43:57.726969, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.727010, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.727073, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc25, type= 0x3, gen_id = 912, uid = 0, flags = 0, file_id 803:40423f:0, name_hash = 0xb96b9eb8 [2011/10/11 16:43:57.727122, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb96b9eb8 [2011/10/11 16:43:57.727166, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003F42 [2011/10/11 16:43:57.727219, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk = 0 [2011/10/11 16:43:57.727264, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk [2011/10/11 16:43:57.727310, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk (numopen=26) NT_STATUS_OK [2011/10/11 16:43:57.727357, 5] smbd/files.c:464(file_free) freed files structure 18351 (27 used) [2011/10/11 16:43:57.727403, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.727428, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9604 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.727640, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.728073, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.728121, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.728163, 3] smbd/process.c:1661(process_smb) Transaction 8155 of length 45 (0 toread) [2011/10/11 16:43:57.728204, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.728229, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9668 smt_wct=3 smb_vwv[ 0]=18352 (0x47B0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.728489, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.728515, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.728559, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.728603, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.729056, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.729184, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.729230, 3] smbd/reply.c:4850(reply_close) close fd=368 fnum=18352 (numopen=26) [2011/10/11 16:43:57.729272, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.729328, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk, file_id = 803:40432e:0 gen_id = 913 has kernel oplock state of 1. 
[2011/10/11 16:43:57.729406, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000002E43 [2011/10/11 16:43:57.729453, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.729495, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.729558, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xda5, type= 0x3, gen_id = 913, uid = 0, flags = 0, file_id 803:40432e:0, name_hash = 0x77f7f64e [2011/10/11 16:43:57.729607, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x77f7f64e [2011/10/11 16:43:57.729655, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000002E43 [2011/10/11 16:43:57.729709, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk = 0 [2011/10/11 16:43:57.729753, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk [2011/10/11 16:43:57.729799, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk (numopen=25) NT_STATUS_OK [2011/10/11 16:43:57.729844, 5] smbd/files.c:464(file_free) freed files structure 18352 (26 used) [2011/10/11 16:43:57.729890, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.729914, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9668 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.730126, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.730536, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.730586, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.730628, 3] smbd/process.c:1661(process_smb) Transaction 8156 of length 45 (0 toread) [2011/10/11 16:43:57.730670, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.730694, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9732 smt_wct=3 smb_vwv[ 0]=18353 (0x47B1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.730970, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.730997, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.731043, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.731086, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.731526, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.731654, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.731701, 3] smbd/reply.c:4850(reply_close) close fd=369 fnum=18353 (numopen=25) [2011/10/11 16:43:57.731742, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.731802, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk, file_id = 803:404330:0 gen_id = 914 has kernel oplock state of 1. [2011/10/11 16:43:57.731861, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003043 [2011/10/11 16:43:57.731908, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.731950, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.732013, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf25, type= 0x3, gen_id = 914, uid = 0, flags = 0, file_id 803:404330:0, name_hash = 0x1acada29 [2011/10/11 16:43:57.732062, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1acada29 [2011/10/11 16:43:57.732107, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003043 [2011/10/11 16:43:57.732161, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk = 0 [2011/10/11 16:43:57.732206, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk [2011/10/11 16:43:57.732252, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk (numopen=24) NT_STATUS_OK [2011/10/11 16:43:57.732297, 5] smbd/files.c:464(file_free) freed files structure 18353 (25 used) [2011/10/11 16:43:57.732343, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.732368, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9732 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.732595, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.733007, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.733056, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.733098, 3] smbd/process.c:1661(process_smb) Transaction 8157 of length 45 (0 toread) [2011/10/11 16:43:57.733139, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.733164, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9796 smt_wct=3 smb_vwv[ 0]=18354 (0x47B2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.733442, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.733469, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.733514, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.733557, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.733995, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.734122, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.734168, 3] smbd/reply.c:4850(reply_close) close fd=370 fnum=18354 (numopen=24) [2011/10/11 16:43:57.734210, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.734267, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk, file_id = 803:404332:0 gen_id = 915 has kernel oplock state of 1. 
[2011/10/11 16:43:57.734327, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003243 [2011/10/11 16:43:57.734374, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.734415, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.734478, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x10a5, type= 0x3, gen_id = 915, uid = 0, flags = 0, file_id 803:404332:0, name_hash = 0x1c1d5333 [2011/10/11 16:43:57.734527, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1c1d5333 [2011/10/11 16:43:57.734576, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003243 [2011/10/11 16:43:57.734629, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk = 0 [2011/10/11 16:43:57.734694, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk [2011/10/11 16:43:57.734742, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk (numopen=23) NT_STATUS_OK [2011/10/11 16:43:57.734787, 5] smbd/files.c:464(file_free) freed files structure 18354 (24 used) [2011/10/11 16:43:57.734832, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.734857, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9796 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.735068, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.735452, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.735503, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.735545, 3] smbd/process.c:1661(process_smb) Transaction 8158 of length 45 (0 toread) [2011/10/11 16:43:57.735586, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.735611, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9860 smt_wct=3 smb_vwv[ 0]=18355 (0x47B3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.735870, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.735897, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.735942, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.735985, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.736422, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.736549, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.736596, 3] smbd/reply.c:4850(reply_close) close fd=371 fnum=18355 (numopen=23) [2011/10/11 16:43:57.736637, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.736695, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk, file_id = 803:404334:0 gen_id = 916 has kernel oplock state of 1. [2011/10/11 16:43:57.736755, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003443 [2011/10/11 16:43:57.736801, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.736843, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.736924, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1225, type= 0x3, gen_id = 916, uid = 0, flags = 0, file_id 803:404334:0, name_hash = 0xc8a13f00 [2011/10/11 16:43:57.736973, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc8a13f00 [2011/10/11 16:43:57.737018, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003443 [2011/10/11 16:43:57.737071, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk = 0 [2011/10/11 16:43:57.737116, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk [2011/10/11 16:43:57.737162, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk (numopen=22) NT_STATUS_OK [2011/10/11 16:43:57.737207, 5] smbd/files.c:464(file_free) freed files structure 18355 (23 used) [2011/10/11 16:43:57.737254, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.737279, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9860 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.737511, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.737907, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.737957, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.737999, 3] smbd/process.c:1661(process_smb) Transaction 8159 of length 45 (0 toread) [2011/10/11 16:43:57.738041, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.738065, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9924 smt_wct=3 smb_vwv[ 0]=18356 (0x47B4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.738326, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.738352, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.738397, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.738440, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.738879, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.739008, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.739071, 3] smbd/reply.c:4850(reply_close) close fd=372 fnum=18356 (numopen=22) [2011/10/11 16:43:57.739113, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.739172, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk, file_id = 803:404336:0 gen_id = 917 has kernel oplock state of 1. 
[2011/10/11 16:43:57.739231, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003643 [2011/10/11 16:43:57.739279, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.739321, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.739384, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x13a5, type= 0x3, gen_id = 917, uid = 0, flags = 0, file_id 803:404336:0, name_hash = 0x1b60bce8 [2011/10/11 16:43:57.739434, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1b60bce8 [2011/10/11 16:43:57.739478, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003643 [2011/10/11 16:43:57.739532, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk = 0 [2011/10/11 16:43:57.739577, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk [2011/10/11 16:43:57.739623, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk (numopen=21) NT_STATUS_OK [2011/10/11 16:43:57.739668, 5] smbd/files.c:464(file_free) freed files structure 18356 (22 used) [2011/10/11 16:43:57.739713, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.739738, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9924 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.739950, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.740326, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.740374, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.740416, 3] smbd/process.c:1661(process_smb) Transaction 8160 of length 45 (0 toread) [2011/10/11 16:43:57.740457, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.740482, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9988 smt_wct=3 smb_vwv[ 0]=18357 (0x47B5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.740741, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.740768, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.740813, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.740856, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.741311, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.741460, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.741507, 3] smbd/reply.c:4850(reply_close) close fd=373 fnum=18357 (numopen=21) [2011/10/11 16:43:57.741549, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.741607, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk, file_id = 803:404339:0 gen_id = 918 has kernel oplock state of 1. [2011/10/11 16:43:57.741666, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003943 [2011/10/11 16:43:57.741714, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.741756, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.741819, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1525, type= 0x3, gen_id = 918, uid = 0, flags = 0, file_id 803:404339:0, name_hash = 0x8a6a4957 [2011/10/11 16:43:57.741868, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8a6a4957 [2011/10/11 16:43:57.741912, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003943 [2011/10/11 16:43:57.741966, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk = 0 [2011/10/11 16:43:57.742011, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk [2011/10/11 16:43:57.742058, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk (numopen=20) NT_STATUS_OK [2011/10/11 16:43:57.742102, 5] smbd/files.c:464(file_free) freed files structure 18357 (21 used) [2011/10/11 16:43:57.742148, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.742173, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=9988 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.742385, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.742774, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.742824, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.742866, 3] smbd/process.c:1661(process_smb) Transaction 8161 of length 45 (0 toread) [2011/10/11 16:43:57.742907, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.742932, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10052 smt_wct=3 smb_vwv[ 0]=18358 (0x47B6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.743207, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.743234, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.743279, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.743323, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.743762, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.743890, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.743935, 3] smbd/reply.c:4850(reply_close) close fd=374 fnum=18358 (numopen=20) [2011/10/11 16:43:57.743976, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.744034, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk, file_id = 803:40433b:0 gen_id = 919 has kernel oplock state of 1. 
[2011/10/11 16:43:57.744094, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003B43 [2011/10/11 16:43:57.744141, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.744183, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.744247, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x16a5, type= 0x3, gen_id = 919, uid = 0, flags = 0, file_id 803:40433b:0, name_hash = 0x3581512a [2011/10/11 16:43:57.744295, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3581512a [2011/10/11 16:43:57.744340, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003B43 [2011/10/11 16:43:57.744394, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk = 0 [2011/10/11 16:43:57.744439, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk [2011/10/11 16:43:57.744488, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk (numopen=19) NT_STATUS_OK [2011/10/11 16:43:57.744533, 5] smbd/files.c:464(file_free) freed files structure 18358 (20 used) [2011/10/11 16:43:57.744578, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.744603, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10052 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.744832, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.745238, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.745287, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.745329, 3] smbd/process.c:1661(process_smb) Transaction 8162 of length 45 (0 toread) [2011/10/11 16:43:57.745371, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.745415, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10116 smt_wct=3 smb_vwv[ 0]=18359 (0x47B7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.745677, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.745703, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.745748, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.745792, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.746233, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.746362, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.746409, 3] smbd/reply.c:4850(reply_close) close fd=375 fnum=18359 (numopen=19) [2011/10/11 16:43:57.746451, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.746510, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk, file_id = 803:40433d:0 gen_id = 920 has kernel oplock state of 1. [2011/10/11 16:43:57.746570, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003D43 [2011/10/11 16:43:57.746617, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.746659, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.746722, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1825, type= 0x3, gen_id = 920, uid = 0, flags = 0, file_id 803:40433d:0, name_hash = 0x1755dcbf [2011/10/11 16:43:57.746771, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1755dcbf [2011/10/11 16:43:57.746816, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003D43 [2011/10/11 16:43:57.746886, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk = 0 [2011/10/11 16:43:57.746932, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk [2011/10/11 16:43:57.746979, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk (numopen=18) NT_STATUS_OK [2011/10/11 16:43:57.747024, 5] smbd/files.c:464(file_free) freed files structure 18359 (19 used) [2011/10/11 16:43:57.747069, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.747094, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10116 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.747307, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.747720, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.747770, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.747812, 3] smbd/process.c:1661(process_smb) Transaction 8163 of length 45 (0 toread) [2011/10/11 16:43:57.747854, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.747879, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10180 smt_wct=3 smb_vwv[ 0]=18360 (0x47B8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.748140, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.748167, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.748212, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.748255, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.748695, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.748823, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.748868, 3] smbd/reply.c:4850(reply_close) close fd=376 fnum=18360 (numopen=18) [2011/10/11 16:43:57.748910, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.748967, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk, file_id = 803:40433f:0 gen_id = 921 has kernel oplock state of 1. 
[2011/10/11 16:43:57.749027, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000003F43 [2011/10/11 16:43:57.749074, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.749133, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.749196, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x19a5, type= 0x3, gen_id = 921, uid = 0, flags = 0, file_id 803:40433f:0, name_hash = 0xcf0eb539 [2011/10/11 16:43:57.749245, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcf0eb539 [2011/10/11 16:43:57.749290, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000003F43 [2011/10/11 16:43:57.749344, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk = 0 [2011/10/11 16:43:57.749408, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk [2011/10/11 16:43:57.749455, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (38).lnk (numopen=17) NT_STATUS_OK [2011/10/11 16:43:57.749500, 5] smbd/files.c:464(file_free) freed files structure 18360 (18 used) [2011/10/11 16:43:57.749546, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.749571, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10180 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.749784, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.750199, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.750248, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.750290, 3] smbd/process.c:1661(process_smb) Transaction 8164 of length 45 (0 toread) [2011/10/11 16:43:57.750332, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.750356, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10244 smt_wct=3 smb_vwv[ 0]=18367 (0x47BF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.750617, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.750644, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.750689, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.750732, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.751173, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.751318, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.751362, 3] smbd/reply.c:4850(reply_close) close fd=383 fnum=18367 (numopen=17) [2011/10/11 16:43:57.751403, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.751462, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk, file_id = 803:40414d:0 gen_id = 928 has kernel oplock state of 1. [2011/10/11 16:43:57.751523, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004D41 [2011/10/11 16:43:57.751570, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.751612, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.751676, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2425, type= 0x3, gen_id = 928, uid = 0, flags = 0, file_id 803:40414d:0, name_hash = 0x9f67f8f5 [2011/10/11 16:43:57.751725, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9f67f8f5 [2011/10/11 16:43:57.751770, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004D41 [2011/10/11 16:43:57.751823, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk = 0 [2011/10/11 16:43:57.751868, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk [2011/10/11 16:43:57.751914, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk (numopen=16) NT_STATUS_OK [2011/10/11 16:43:57.751959, 5] smbd/files.c:464(file_free) freed files structure 18367 (17 used) [2011/10/11 16:43:57.752006, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.752031, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10244 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.752243, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.752641, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.752690, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.752732, 3] smbd/process.c:1661(process_smb) Transaction 8165 of length 45 (0 toread) [2011/10/11 16:43:57.752773, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.752798, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10308 smt_wct=3 smb_vwv[ 0]=18428 (0x47FC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.753059, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.753085, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.753130, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.753173, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.753648, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.753777, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.753822, 3] smbd/reply.c:4850(reply_close) close fd=384 fnum=18428 (numopen=16) [2011/10/11 16:43:57.753864, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.753920, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini, file_id = 803:404092:0 gen_id = 989 has kernel oplock state of 1. 
[2011/10/11 16:43:57.753980, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009240 [2011/10/11 16:43:57.754028, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d40 [2011/10/11 16:43:57.754070, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:34 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:57.754133, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:57.754191, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:57.754239, 10] smbd/close.c:318(close_remove_share_mode) close_remove_share_mode: update to current time for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:57.754286, 6] smbd/close.c:527(set_close_write_time) close_write_time: Tue Oct 11 16:43:58 2011 [2011/10/11 16:43:57.754336, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7cf1a00a [2011/10/11 16:43:57.754380, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009240 [2011/10/11 16:43:57.754433, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini = 0 [2011/10/11 16:43:57.754479, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 
16:43:57.754535, 5] locking/locking.c:1657(set_write_time) set_write_time: Tue Oct 11 16:43:58 2011 CEST id=803:404092:0 [2011/10/11 16:43:57.754593, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009240 [2011/10/11 16:43:57.754638, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0be6100 [2011/10/11 16:43:57.754680, 3] locking/locking.c:986(get_share_mode_lock) fill_share_mode_lock failed [2011/10/11 16:43:57.754721, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009240 [2011/10/11 16:43:57.754794, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009240 [2011/10/11 16:43:57.754840, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c82750 [2011/10/11 16:43:57.754882, 3] locking/locking.c:986(get_share_mode_lock) fill_share_mode_lock failed [2011/10/11 16:43:57.754922, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009240 [2011/10/11 16:43:57.754974, 5] smbd/trans2.c:5483(smb_set_file_time) smb_set_filetime: actime: Thu Jan 1 01:00:00 1970 smb_set_filetime: modtime: Tue Oct 11 16:43:58 2011 smb_set_filetime: ctime: Thu Jan 1 01:00:00 1970 smb_set_file_time: createtime: Thu Jan 1 01:00:00 1970 smb_set_file_time: setting utimes to modified values. 
[2011/10/11 16:43:57.755163, 6] smbd/dosmode.c:953(file_ntimes) file_ntime: actime: Thu Jan 1 01:00:00 1970 [2011/10/11 16:43:57.755210, 6] smbd/dosmode.c:955(file_ntimes) file_ntime: modtime: Tue Oct 11 16:43:58 2011 [2011/10/11 16:43:57.755258, 6] smbd/dosmode.c:957(file_ntimes) file_ntime: ctime: Thu Jan 1 01:00:00 1970 [2011/10/11 16:43:57.755305, 6] smbd/dosmode.c:959(file_ntimes) file_ntime: createtime: Thu Jan 1 01:00:00 1970 [2011/10/11 16:43:57.755383, 10] smbd/notify_internal.c:930(notify_trigger) notify_trigger called action=0x3, filter=0x0, path=/home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:57.755430, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini (numopen=15) NT_STATUS_OK [2011/10/11 16:43:57.755475, 5] smbd/files.c:464(file_free) freed files structure 18428 (16 used) [2011/10/11 16:43:57.755524, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.755548, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10308 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.755762, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.756166, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.756218, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.756260, 3] smbd/process.c:1661(process_smb) Transaction 8166 of length 45 (0 toread) [2011/10/11 16:43:57.756302, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.756327, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10372 smt_wct=3 smb_vwv[ 0]=18295 (0x4777) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.756587, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:57.756614, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.756659, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.756703, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.757163, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.757292, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.757340, 3] smbd/reply.c:4850(reply_close) close fd=311 fnum=18295 (numopen=15) [2011/10/11 16:43:57.757401, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.757462, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk, file_id = 803:404240:0 gen_id = 856 has kernel oplock state of 1. 
[2011/10/11 16:43:57.757523, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004042 [2011/10/11 16:43:57.757572, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.757613, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.757678, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb825, type= 0x3, gen_id = 856, uid = 0, flags = 0, file_id 803:404240:0, name_hash = 0x15b5ae60 [2011/10/11 16:43:57.757728, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x15b5ae60 [2011/10/11 16:43:57.757773, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004042 [2011/10/11 16:43:57.757828, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk = 0 [2011/10/11 16:43:57.757873, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk [2011/10/11 16:43:57.757920, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk (numopen=14) NT_STATUS_OK [2011/10/11 16:43:57.757966, 5] smbd/files.c:464(file_free) freed files structure 18295 (15 used) [2011/10/11 16:43:57.758016, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.758041, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10372 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.758254, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:57.758653, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.758703, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.758745, 3] smbd/process.c:1661(process_smb) Transaction 8167 of length 45 (0 toread) [2011/10/11 16:43:57.758786, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.758811, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10436 smt_wct=3 smb_vwv[ 0]=18296 (0x4778) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.759071, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.759098, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.759143, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.759186, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.759644, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.759773, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.759820, 3] smbd/reply.c:4850(reply_close) close fd=312 fnum=18296 (numopen=14) [2011/10/11 16:43:57.759862, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.759919, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk, file_id = 803:7fc003:0 gen_id = 857 has kernel oplock state of 1. [2011/10/11 16:43:57.759979, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000003C0 [2011/10/11 16:43:57.760026, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.760067, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.760131, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb9a5, type= 0x3, gen_id = 857, uid = 0, flags = 0, file_id 803:7fc003:0, name_hash = 0x9cca7c91 [2011/10/11 16:43:57.760180, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9cca7c91 [2011/10/11 16:43:57.760225, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000003C0 [2011/10/11 16:43:57.760278, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk = 0 [2011/10/11 16:43:57.760323, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (5).lnk [2011/10/11 16:43:57.760369, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk (numopen=13) NT_STATUS_OK [2011/10/11 16:43:57.760415, 5] smbd/files.c:464(file_free) freed files structure 18296 (14 used) [2011/10/11 16:43:57.760464, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.760489, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10436 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.760701, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.761127, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.761176, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.761218, 3] smbd/process.c:1661(process_smb) Transaction 8168 of length 45 (0 toread) [2011/10/11 16:43:57.761275, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.761300, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10500 smt_wct=3 smb_vwv[ 0]=18297 (0x4779) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.761583, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.761609, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.761654, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.761698, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.762138, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.762267, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.762312, 3] smbd/reply.c:4850(reply_close) close fd=313 fnum=18297 (numopen=13) [2011/10/11 16:43:57.762353, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.762412, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk, file_id = 803:404242:0 gen_id = 858 has kernel oplock state of 1. 
[2011/10/11 16:43:57.762472, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004242 [2011/10/11 16:43:57.762519, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0c81d50 [2011/10/11 16:43:57.762561, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.762625, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbb25, type= 0x3, gen_id = 858, uid = 0, flags = 0, file_id 803:404242:0, name_hash = 0x2402eac4 [2011/10/11 16:43:57.762673, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2402eac4 [2011/10/11 16:43:57.762718, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004242 [2011/10/11 16:43:57.762772, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk = 0 [2011/10/11 16:43:57.762817, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk [2011/10/11 16:43:57.762864, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk (numopen=12) NT_STATUS_OK [2011/10/11 16:43:57.762923, 5] smbd/files.c:464(file_free) freed files structure 18297 (13 used) [2011/10/11 16:43:57.762971, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.762996, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10500 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.763209, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:57.763618, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.763669, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.763711, 3] smbd/process.c:1661(process_smb) Transaction 8169 of length 45 (0 toread) [2011/10/11 16:43:57.763752, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.763777, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10564 smt_wct=3 smb_vwv[ 0]=18298 (0x477A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.764038, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.764065, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.764110, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.764153, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.764592, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.764721, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.764765, 3] smbd/reply.c:4850(reply_close) close fd=314 fnum=18298 (numopen=12) [2011/10/11 16:43:57.764807, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.764865, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk, file_id = 803:7fc009:0 gen_id = 859 has kernel oplock state of 1. [2011/10/11 16:43:57.764925, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000009C0 [2011/10/11 16:43:57.764972, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0cd9160 [2011/10/11 16:43:57.765014, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.765078, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbca5, type= 0x3, gen_id = 859, uid = 0, flags = 0, file_id 803:7fc009:0, name_hash = 0xff899459 [2011/10/11 16:43:57.765144, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xff899459 [2011/10/11 16:43:57.765190, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000009C0 [2011/10/11 16:43:57.765243, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk = 0 [2011/10/11 16:43:57.765288, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (7).lnk [2011/10/11 16:43:57.765335, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk (numopen=11) NT_STATUS_OK [2011/10/11 16:43:57.765400, 5] smbd/files.c:464(file_free) freed files structure 18298 (12 used) [2011/10/11 16:43:57.765447, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.765472, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10564 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.765684, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.766065, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.766114, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.766156, 3] smbd/process.c:1661(process_smb) Transaction 8170 of length 45 (0 toread) [2011/10/11 16:43:57.766197, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.766222, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10628 smt_wct=3 smb_vwv[ 0]=18299 (0x477B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.766483, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.766510, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.766555, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.766598, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.767036, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.767164, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.767208, 3] smbd/reply.c:4850(reply_close) close fd=315 fnum=18299 (numopen=11) [2011/10/11 16:43:57.767250, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.767308, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk, file_id = 803:7fc00b:0 gen_id = 860 has kernel oplock state of 1. 
[2011/10/11 16:43:57.767384, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000BC0 [2011/10/11 16:43:57.767433, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.767475, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.767539, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbe25, type= 0x3, gen_id = 860, uid = 0, flags = 0, file_id 803:7fc00b:0, name_hash = 0x5de48b12 [2011/10/11 16:43:57.767588, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5de48b12 [2011/10/11 16:43:57.767633, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000BC0 [2011/10/11 16:43:57.767687, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk = 0 [2011/10/11 16:43:57.767732, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk [2011/10/11 16:43:57.767778, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk (numopen=10) NT_STATUS_OK [2011/10/11 16:43:57.767823, 5] smbd/files.c:464(file_free) freed files structure 18299 (11 used) [2011/10/11 16:43:57.767871, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.767896, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10628 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.768110, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:57.768517, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.768565, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.768607, 3] smbd/process.c:1661(process_smb) Transaction 8171 of length 45 (0 toread) [2011/10/11 16:43:57.768649, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.768674, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10692 smt_wct=3 smb_vwv[ 0]=18300 (0x477C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.768935, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.768962, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.769007, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.769050, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.769524, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.769653, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.769698, 3] smbd/reply.c:4850(reply_close) close fd=316 fnum=18300 (numopen=10) [2011/10/11 16:43:57.769740, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.769799, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk, file_id = 803:404243:0 gen_id = 861 has kernel oplock state of 1. [2011/10/11 16:43:57.769858, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004342 [2011/10/11 16:43:57.769906, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.769948, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.770011, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbfa5, type= 0x3, gen_id = 861, uid = 0, flags = 0, file_id 803:404243:0, name_hash = 0xa4a66cc6 [2011/10/11 16:43:57.770060, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa4a66cc6 [2011/10/11 16:43:57.770104, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004342 [2011/10/11 16:43:57.770158, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk = 0 [2011/10/11 16:43:57.770202, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (9).lnk [2011/10/11 16:43:57.770249, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk (numopen=9) NT_STATUS_OK [2011/10/11 16:43:57.770294, 5] smbd/files.c:464(file_free) freed files structure 18300 (10 used) [2011/10/11 16:43:57.770338, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.770363, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10692 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.770575, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.770989, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.771040, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.771082, 3] smbd/process.c:1661(process_smb) Transaction 8172 of length 45 (0 toread) [2011/10/11 16:43:57.771124, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.771148, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10756 smt_wct=3 smb_vwv[ 0]=18361 (0x47B9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.771409, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.771436, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.771482, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.771524, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: 
S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.771981, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.772110, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.772154, 3] smbd/reply.c:4850(reply_close) close fd=377 fnum=18361 (numopen=9) [2011/10/11 16:43:57.772196, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.772254, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk, file_id = 803:404241:0 gen_id = 922 has kernel oplock state of 1. 
[2011/10/11 16:43:57.772314, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004142 [2011/10/11 16:43:57.772361, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.772403, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.772466, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1b25, type= 0x3, gen_id = 922, uid = 0, flags = 0, file_id 803:404241:0, name_hash = 0x84281113 [2011/10/11 16:43:57.772515, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x84281113 [2011/10/11 16:43:57.772560, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004142 [2011/10/11 16:43:57.772613, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk = 0 [2011/10/11 16:43:57.772658, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk [2011/10/11 16:43:57.772705, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk (numopen=8) NT_STATUS_OK [2011/10/11 16:43:57.772750, 5] smbd/files.c:464(file_free) freed files structure 18361 (9 used) [2011/10/11 16:43:57.772797, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.772822, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10756 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.773034, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.773455, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.773505, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.773546, 3] smbd/process.c:1661(process_smb) Transaction 8173 of length 45 (0 toread) [2011/10/11 16:43:57.773604, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.773629, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10820 smt_wct=3 smb_vwv[ 0]=18362 (0x47BA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.773891, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.773917, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.773962, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.774006, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.774444, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.774573, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.774617, 3] smbd/reply.c:4850(reply_close) close fd=378 fnum=18362 (numopen=8) [2011/10/11 16:43:57.774659, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.774716, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk, file_id = 803:7fc004:0 gen_id = 923 has kernel oplock state of 1. [2011/10/11 16:43:57.774776, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000004C0 [2011/10/11 16:43:57.774823, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.774865, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.774929, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1ca5, type= 0x3, gen_id = 923, uid = 0, flags = 0, file_id 803:7fc004:0, name_hash = 0x7826fa75 [2011/10/11 16:43:57.774978, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7826fa75 [2011/10/11 16:43:57.775022, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000004C0 [2011/10/11 16:43:57.775076, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk = 0 [2011/10/11 16:43:57.775120, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk [2011/10/11 16:43:57.775167, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk (numopen=7) NT_STATUS_OK [2011/10/11 16:43:57.775226, 5] smbd/files.c:464(file_free) freed files structure 18362 (8 used) [2011/10/11 16:43:57.775273, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.775298, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10820 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.775511, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.775946, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.775994, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.776036, 3] smbd/process.c:1661(process_smb) Transaction 8174 of length 45 (0 toread) [2011/10/11 16:43:57.776078, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.776102, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10884 smt_wct=3 smb_vwv[ 0]=18363 (0x47BB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.776363, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.776390, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.776435, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.776478, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.776917, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.777046, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.777090, 3] smbd/reply.c:4850(reply_close) close fd=379 fnum=18363 (numopen=7) [2011/10/11 16:43:57.777132, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.777188, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk, file_id = 803:7fc005:0 gen_id = 924 has kernel oplock state of 1. 
[2011/10/11 16:43:57.777247, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 030800000000000005C0 [2011/10/11 16:43:57.777294, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.777336, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.777420, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1e25, type= 0x3, gen_id = 924, uid = 0, flags = 0, file_id 803:7fc005:0, name_hash = 0x8091b7af [2011/10/11 16:43:57.777485, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8091b7af [2011/10/11 16:43:57.777530, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 030800000000000005C0 [2011/10/11 16:43:57.777584, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk = 0 [2011/10/11 16:43:57.777629, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk [2011/10/11 16:43:57.777676, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk (numopen=6) NT_STATUS_OK [2011/10/11 16:43:57.777721, 5] smbd/files.c:464(file_free) freed files structure 18363 (7 used) [2011/10/11 16:43:57.777769, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.777794, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10884 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.778007, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.778393, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.778447, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.778489, 3] smbd/process.c:1661(process_smb) Transaction 8175 of length 45 (0 toread) [2011/10/11 16:43:57.778531, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.778556, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10948 smt_wct=3 smb_vwv[ 0]=18364 (0x47BC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.778818, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.778844, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.778890, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.778933, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.779375, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.779505, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.779551, 3] smbd/reply.c:4850(reply_close) close fd=380 fnum=18364 (numopen=6) [2011/10/11 16:43:57.779592, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.779651, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk, file_id = 803:7fc00a:0 gen_id = 925 has kernel oplock state of 1. [2011/10/11 16:43:57.779728, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000AC0 [2011/10/11 16:43:57.779777, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.779818, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.779882, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1fa5, type= 0x3, gen_id = 925, uid = 0, flags = 0, file_id 803:7fc00a:0, name_hash = 0x3f262b16 [2011/10/11 16:43:57.779932, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3f262b16 [2011/10/11 16:43:57.779977, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000AC0 [2011/10/11 16:43:57.780031, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk = 0 [2011/10/11 16:43:57.780076, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk [2011/10/11 16:43:57.780123, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk (numopen=5) NT_STATUS_OK [2011/10/11 16:43:57.780168, 5] smbd/files.c:464(file_free) freed files structure 18364 (6 used) [2011/10/11 16:43:57.780214, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.780239, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=10948 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.780451, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.780885, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.780933, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.780976, 3] smbd/process.c:1661(process_smb) Transaction 8176 of length 45 (0 toread) [2011/10/11 16:43:57.781018, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.781042, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11012 smt_wct=3 smb_vwv[ 0]=18365 (0x47BD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.781302, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.781329, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.781393, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.781438, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.781893, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.782021, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.782065, 3] smbd/reply.c:4850(reply_close) close fd=381 fnum=18365 (numopen=5) [2011/10/11 16:43:57.782106, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.782165, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk, file_id = 803:7fc00c:0 gen_id = 926 has kernel oplock state of 1. 
[2011/10/11 16:43:57.782225, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000000CC0 [2011/10/11 16:43:57.782272, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.782314, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.782377, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2125, type= 0x3, gen_id = 926, uid = 0, flags = 0, file_id 803:7fc00c:0, name_hash = 0x98a24f7d [2011/10/11 16:43:57.782426, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x98a24f7d [2011/10/11 16:43:57.782471, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000000CC0 [2011/10/11 16:43:57.782524, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk = 0 [2011/10/11 16:43:57.782568, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk [2011/10/11 16:43:57.782615, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk (numopen=4) NT_STATUS_OK [2011/10/11 16:43:57.782659, 5] smbd/files.c:464(file_free) freed files structure 18365 (5 used) [2011/10/11 16:43:57.782706, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.782730, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11012 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.782942, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.783330, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.783380, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.783422, 3] smbd/process.c:1661(process_smb) Transaction 8177 of length 45 (0 toread) [2011/10/11 16:43:57.783463, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.783487, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11076 smt_wct=3 smb_vwv[ 0]=18366 (0x47BE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.783747, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.783773, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.783818, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.783861, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.784318, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.784446, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.784491, 3] smbd/reply.c:4850(reply_close) close fd=382 fnum=18366 (numopen=4) [2011/10/11 16:43:57.784532, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.784591, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk, file_id = 803:404244:0 gen_id = 927 has kernel oplock state of 1. [2011/10/11 16:43:57.784650, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000004442 [2011/10/11 16:43:57.784698, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58dc0 [2011/10/11 16:43:57.784740, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.784804, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x22a5, type= 0x3, gen_id = 927, uid = 0, flags = 0, file_id 803:404244:0, name_hash = 0x7d36e96 [2011/10/11 16:43:57.784853, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d36e96 [2011/10/11 16:43:57.784897, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000004442 [2011/10/11 16:43:57.784950, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk = 0 [2011/10/11 16:43:57.784995, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk [2011/10/11 16:43:57.785042, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk (numopen=3) NT_STATUS_OK [2011/10/11 16:43:57.785086, 5] smbd/files.c:464(file_free) freed files structure 18366 (4 used) [2011/10/11 16:43:57.785134, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.785159, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11076 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.785372, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.785767, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:57.785816, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.785875, 3] smbd/process.c:1661(process_smb) Transaction 8178 of length 45 (0 toread) [2011/10/11 16:43:57.785917, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.785942, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11140 smt_wct=3 smb_vwv[ 0]=18233 (0x4739) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.786203, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.786230, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.786275, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.786319, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.786760, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.786889, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.786933, 3] smbd/reply.c:4850(reply_close) close fd=277 fnum=18233 (numopen=3) [2011/10/11 16:43:57.786975, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.787033, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/Microsoft/Windows/Themes/TranscodedWallpaper.jpg, file_id = 803:404190:0 gen_id = 794 has kernel oplock state of 1. 
[2011/10/11 16:43:57.787093, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009041 [2011/10/11 16:43:57.787141, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58da0 [2011/10/11 16:43:57.787183, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:46:00 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.787247, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x7225, type= 0x3, gen_id = 794, uid = 0, flags = 0, file_id 803:404190:0, name_hash = 0x13344df5 [2011/10/11 16:43:57.787296, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x13344df5 [2011/10/11 16:43:57.787340, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009041 [2011/10/11 16:43:57.787394, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Windows/Themes/TranscodedWallpaper.jpg = 0 [2011/10/11 16:43:57.787438, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Windows/Themes/TranscodedWallpaper.jpg [2011/10/11 16:43:57.787485, 2] smbd/close.c:691(close_normal_file) ando closed file ando/Microsoft/Windows/Themes/TranscodedWallpaper.jpg (numopen=2) NT_STATUS_OK [2011/10/11 16:43:57.787542, 5] smbd/files.c:464(file_free) freed files structure 18233 (3 used) [2011/10/11 16:43:57.787589, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.787614, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11140 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.787826, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.788204, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 
[2011/10/11 16:43:57.788253, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:57.788294, 3] smbd/process.c:1661(process_smb) Transaction 8179 of length 45 (0 toread) [2011/10/11 16:43:57.788336, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.788360, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11204 smt_wct=3 smb_vwv[ 0]=18236 (0x473C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:57.788621, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:57.788647, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:57.788692, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:57.788735, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:57.789217, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:57.789346, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:57.789410, 3] smbd/reply.c:4850(reply_close) close fd=278 fnum=18236 (numopen=2) [2011/10/11 16:43:57.789452, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:57.789511, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando/$RECYCLE.BIN/desktop.ini, file_id = 803:404192:0 gen_id = 797 has kernel oplock state of 1. [2011/10/11 16:43:57.789571, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009241 [2011/10/11 16:43:57.789619, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d58d80 [2011/10/11 16:43:57.789661, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Jan 27 13:35:28 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:57.789724, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x7825, type= 0x3, gen_id = 797, uid = 0, flags = 0, file_id 803:404192:0, name_hash = 0x444cf621 [2011/10/11 16:43:57.789774, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x444cf621 [2011/10/11 16:43:57.789835, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009241 [2011/10/11 16:43:57.789891, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/$RECYCLE.BIN/desktop.ini = 0 [2011/10/11 16:43:57.789934, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/$RECYCLE.BIN/desktop.ini [2011/10/11 16:43:57.789980, 2] smbd/close.c:691(close_normal_file) ando closed file ando/$RECYCLE.BIN/desktop.ini (numopen=1) NT_STATUS_OK [2011/10/11 16:43:57.790023, 5] smbd/files.c:464(file_free) freed files structure 18236 (2 
used) [2011/10/11 16:43:57.790070, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:57.790095, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=11204 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:57.790308, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:59.598211, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b09e4890 [2011/10/11 16:43:59.598283, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2011/10/11 16:43:59.598330, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled [2011/10/11 16:43:59.598390, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b09dbd60 [2011/10/11 16:43:59.598435, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) called [2011/10/11 16:43:59.598478, 5] smbd/process.c:2464(housekeeping_fn) housekeeping [2011/10/11 16:43:59.598520, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:59.598563, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:43:59.598604, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:43:59.598675, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:43:59.598725, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2011/10/11 16:44:39.685134, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 49 [2011/10/11 16:44:39.685267, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x31 [2011/10/11 16:44:39.685312, 3] smbd/process.c:1661(process_smb) 
Transaction 8180 of length 53 (0 toread) [2011/10/11 16:44:39.685354, 5] lib/util.c:331(show_msg) [2011/10/11 16:44:39.685396, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=49219 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:44:39.685631, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2011/10/11 16:44:39.685694, 3] smbd/process.c:1466(switch_message) switch message SMBecho (pid 8659) conn 0x0 [2011/10/11 16:44:39.685737, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:44:39.685779, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:44:39.685821, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:44:39.685891, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:44:39.685937, 5] lib/util.c:331(show_msg) [2011/10/11 16:44:39.685962, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:44:39.686224, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. 
[2011/10/11 16:44:39.686314, 3] smbd/reply.c:5175(reply_echo) echo 1 times [2011/10/11 16:44:59.613405, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b09e6350 [2011/10/11 16:44:59.613537, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2011/10/11 16:44:59.613585, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled [2011/10/11 16:44:59.613644, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b0a1af90 [2011/10/11 16:44:59.613690, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) called [2011/10/11 16:44:59.613732, 5] smbd/process.c:2464(housekeeping_fn) housekeeping [2011/10/11 16:44:59.613774, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:44:59.613816, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:44:59.613858, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:44:59.613926, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:44:59.613972, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2011/10/11 16:45:15.691342, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 49 [2011/10/11 16:45:15.691482, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x31 [2011/10/11 16:45:15.691526, 3] smbd/process.c:1661(process_smb) Transaction 8181 of length 53 (0 toread) [2011/10/11 16:45:15.691569, 5] lib/util.c:331(show_msg) [2011/10/11 16:45:15.691594, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=49219 smb_tid=65535 smb_pid=65279 
smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:45:15.691825, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2011/10/11 16:45:15.691888, 3] smbd/process.c:1466(switch_message) switch message SMBecho (pid 8659) conn 0x0 [2011/10/11 16:45:15.691932, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:45:15.691974, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:45:15.692015, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:45:15.692082, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:45:15.692128, 5] lib/util.c:331(show_msg) [2011/10/11 16:45:15.692153, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:45:15.692382, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2011/10/11 16:45:15.692470, 3] smbd/reply.c:5175(reply_echo) echo 1 times [2011/10/11 16:45:29.620233, 10] lib/events.c:221(run_events_poll) Running timed event "smbldap_idle_fn" 0x7fc9b09e4a80 [2011/10/11 16:45:29.620360, 10] lib/smbldap.c:1825(smbldap_idle_fn) ldap connection not idle... 
[2011/10/11 16:45:51.697636, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 49 [2011/10/11 16:45:51.697743, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x31 [2011/10/11 16:45:51.697816, 3] smbd/process.c:1661(process_smb) Transaction 8182 of length 53 (0 toread) [2011/10/11 16:45:51.697860, 5] lib/util.c:331(show_msg) [2011/10/11 16:45:51.697885, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=49219 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:45:51.698113, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2011/10/11 16:45:51.698176, 3] smbd/process.c:1466(switch_message) switch message SMBecho (pid 8659) conn 0x0 [2011/10/11 16:45:51.698219, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:45:51.698260, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:45:51.698301, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:45:51.698368, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:45:51.698414, 5] lib/util.c:331(show_msg) [2011/10/11 16:45:51.698438, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:45:51.698666, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. 
[2011/10/11 16:45:51.698745, 3] smbd/reply.c:5175(reply_echo) echo 1 times [2011/10/11 16:45:59.621753, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b0cf22c0 [2011/10/11 16:45:59.621882, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2011/10/11 16:45:59.621929, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled [2011/10/11 16:45:59.621988, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b0d2fc60 [2011/10/11 16:45:59.622033, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) called [2011/10/11 16:45:59.622075, 5] smbd/process.c:2464(housekeeping_fn) housekeeping [2011/10/11 16:45:59.622116, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:45:59.622159, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:45:59.622200, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:45:59.622268, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:45:59.622314, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2011/10/11 16:46:27.688176, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 49 [2011/10/11 16:46:27.688309, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x31 [2011/10/11 16:46:27.688354, 3] smbd/process.c:1661(process_smb) Transaction 8183 of length 53 (0 toread) [2011/10/11 16:46:27.688396, 5] lib/util.c:331(show_msg) [2011/10/11 16:46:27.688421, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=49219 smb_tid=65535 smb_pid=65279 
smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:46:27.688650, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2011/10/11 16:46:27.688713, 3] smbd/process.c:1466(switch_message) switch message SMBecho (pid 8659) conn 0x0 [2011/10/11 16:46:27.688755, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:46:27.688830, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:46:27.688871, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:46:27.688939, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:46:27.688984, 5] lib/util.c:331(show_msg) [2011/10/11 16:46:27.689009, 5] lib/util.c:341(show_msg) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2011/10/11 16:46:27.689237, 10] ../lib/util/util.c:415(dump_data) [0000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. 
[2011/10/11 16:46:27.689319, 3] smbd/reply.c:5175(reply_echo) echo 1 times [2011/10/11 16:46:59.652293, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b0be6100 [2011/10/11 16:46:59.652424, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2011/10/11 16:46:59.652473, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled [2011/10/11 16:46:59.652532, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fc9b09dbd60 [2011/10/11 16:46:59.652577, 10] smbd/process.c:862(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) called [2011/10/11 16:46:59.652619, 5] smbd/process.c:2464(housekeeping_fn) housekeeping [2011/10/11 16:46:59.652660, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/11 16:46:59.652703, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/10/11 16:46:59.652744, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/11 16:46:59.652810, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/11 16:46:59.652883, 6] param/loadparm.c:7479(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Mon May 23 13:06:48 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Oct 11 16:40:51 2011 [2011/10/11 16:46:59.653015, 10] smbd/process.c:873(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled