[2012/08/10 16:12:35.120175, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 80 [2012/08/10 16:12:35.120651, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x50 [2012/08/10 16:12:35.120939, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 84 (0 toread) [2012/08/10 16:12:35.121238, 5] lib/util.c:332(show_msg) [2012/08/10 16:12:35.121417, 5] lib/util.c:342(show_msg) size=80 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=12492 smb_uid=100 smb_mid=11 smt_wct=15 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 66 (0x42) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 18 (0x12) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_bcc=15 [2012/08/10 16:12:35.124162, 10] ../lib/util/util.c:415(dump_data) [0000] 00 50 00 6F 00 6C 00 69 00 63 00 79 00 00 00 .P.o.l.i .c.y... 
[2012/08/10 16:12:35.124948, 3] smbd/process.c:1467(switch_message) switch message SMBopenX (pid 12493) conn 0x100a83a30 [2012/08/10 16:12:35.125296, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (12345, 12345) - sec_ctx_stack_ndx = 0 [2012/08/10 16:12:35.125619, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-3686671396-3338493760-1757656755-25690 SID[ 1]: S-1-5-21-3686671396-3338493760-1757656755-513 SID[ 2]: S-1-22-2-12345 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-12345 Privileges (0x 0): Rights (0x 0): [2012/08/10 16:12:35.127018, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 12345 Primary group is 12345 and contains 1 supplementary groups Group[ 0]: 12345 [2012/08/10 16:12:35.127556, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,12345), gid=(0,12345) [2012/08/10 16:12:35.127896, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/samba/var/spool [2012/08/10 16:12:35.128550, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [Policy] [/var/samba/var/spool] [2012/08/10 16:12:35.129362, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [Policy] -> [/var/samba/var/spool/Policy] [2012/08/10 16:12:35.129712, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: Policy reduced to /var/samba/var/spool/Policy [2012/08/10 16:12:35.130010, 10] lib/util.c:2765(map_open_params_to_ntcreate) map_open_params_to_ntcreate: fname = Policy, deny_mode = 0x42, open_func = 0x12 [2012/08/10 16:12:35.130321, 10] lib/util.c:2869(map_open_params_to_ntcreate) map_open_params_to_ntcreate: file Policy, access_mask = 0x12019f, share_mode = 0x3, create_disposition = 0x5, create_options = 0x40 private_flags = 0x0 [2012/08/10 16:12:35.130752, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x12019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x5 create_options = 0x40 oplock_request = 0x0 
private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x0, sd = 0x0, fname = Policy [2012/08/10 16:12:35.131606, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x12019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x5 create_options = 0x40 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x0, sd = 0x0, fname = Policy [2012/08/10 16:12:35.132203, 5] smbd/files.c:140(file_new) allocated file structure 9646, fnum = 13742 (1 used) [2012/08/10 16:12:35.132562, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/samba/var/spool/Policy hash 0x4a098c9b [2012/08/10 16:12:35.132859, 10] smbd/open.c:1564(open_file_ntcreate) open_file_ntcreate: printer open fname=Policy [2012/08/10 16:12:35.134198, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to spoolss pipe. [2012/08/10 16:12:35.134635, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/10 16:12:35.135020, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/10 16:12:35.135307, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/10 16:12:35.135661, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/10 16:12:35.136534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'tprint' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x02000000 (33554432) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: tprint [2012/08/10 16:12:35.179292, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) 
open_printer_hnd: name [tprint] [2012/08/10 16:12:35.179652, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. [2012/08/10 16:12:35.180888, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=tprint Printer is a printer [2012/08/10 16:12:35.181278, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=tprint (len=6) searching for [tprint] [2012/08/10 16:12:35.181858, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/tprint and timeout = Fri Aug 10 16:17:35 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: tprint -> tprint [2012/08/10 16:12:35.331645, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/10 16:12:35.331946, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. [2012/08/10 16:12:35.333159, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.334376, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:tprint [2012/08/10 16:12:35.334762, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2012/08/10 16:12:35.335882, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share tprint is ok for unix user tuser [2012/08/10 16:12:35.336374, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/10 16:12:35.336791, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/10 16:12:35.337095, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/10 16:12:35.337476, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/10 16:12:35.338348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/10 16:12:35.340617, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/10 16:12:35.340981, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(12345, 12345) : sec_ctx_stack_ndx = 1 [2012/08/10 16:12:35.341331, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/10 16:12:35.341638, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/10 16:12:35.341964, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/10 16:12:35.342236, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/10 16:12:35.343373, 4] 
smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (12345, 12345) - sec_ctx_stack_ndx = 0 [2012/08/10 16:12:35.343727, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/08/10 16:12:35.344127, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/10 16:12:35.344427, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/10 16:12:35.344727, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.344993, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM] [2012/08/10 16:12:35.345646, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/10 16:12:35.346159, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/10 16:12:35.346533, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.347838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0e000000-0000-0000-2550-6395cd300000 result : WERR_OK [2012/08/10 16:12:35.349760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0e000000-0000-0000-2550-6395cd300000 keyname: struct winreg_String name_len : 0x0086 (134) name_size : 0x0086 (134) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/10 16:12:35.354179, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.355535, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/10 16:12:35.355826, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/08/10 16:12:35.356180, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/10 16:12:35.356462, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/10 16:12:35.356748, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.357011, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE] [2012/08/10 16:12:35.357561, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/10 16:12:35.358054, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/10 16:12:35.358357, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/10 16:12:35.358784, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.359068, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.359357, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.359609, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.360122, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.360609, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/10 16:12:35.360904, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 
16:12:35.361262, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.361556, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.361852, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.362108, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.362617, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.363121, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/10 16:12:35.363417, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/10 16:12:35.363772, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/10 16:12:35.364064, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/10 16:12:35.364358, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.364609, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/10 16:12:35.365281, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/10 16:12:35.365579, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/10 16:12:35.365939, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/10 16:12:35.366235, 10] lib/adt_tree.c:367(pathtree_find) 
pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/10 16:12:35.366537, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.366788, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/10 16:12:35.367346, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/10 16:12:35.367642, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/10 16:12:35.368000, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.368292, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.368696, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.368952, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.369464, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.369980, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [tprint] [2012/08/10 16:12:35.370275, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/10 16:12:35.370640, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.370931, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.371231, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.371484, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.371921, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] not found [2012/08/10 16:12:35.372213, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/10 16:12:35.372518, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/10 16:12:35.372915, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/10 16:12:35.373239, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/10 16:12:35.373554, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.373874, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/10 16:12:35.374192, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/08/10 16:12:35.374504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_BADFILE [2012/08/10 16:12:35.376039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/10 
16:12:35.378055, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/10 16:12:35.378357, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/08/10 16:12:35.378809, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/10 16:12:35.379100, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/10 16:12:35.379395, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.379659, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM] [2012/08/10 16:12:35.380151, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/10 16:12:35.380601, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/10 16:12:35.380963, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.382237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0f000000-0000-0000-2550-6395cd300000 result : WERR_OK [2012/08/10 16:12:35.383871, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0f000000-0000-0000-2550-6395cd300000 name: struct winreg_String name_len : 0x0086 (134) name_size : 0x0086 (134) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/10 16:12:35.389342, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.390748, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint' [2012/08/10 16:12:35.391179, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.391478, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/10 16:12:35.391756, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/10 16:12:35.392094, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/10 16:12:35.392364, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/10 16:12:35.392639, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.392887, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE] [2012/08/10 16:12:35.393350, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/10 16:12:35.393816, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.394120, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/10 16:12:35.394405, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 16:12:35.394751, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.395024, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.395307, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.395561, 10] 
registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.396012, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/10 16:12:35.396459, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.396812, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.397218, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/10 16:12:35.397512, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 16:12:35.397878, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.398175, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.398540, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.398802, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.399269, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/10 16:12:35.399728, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.400082, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.400392, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/10 16:12:35.400682, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 
16:12:35.401041, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/10 16:12:35.401335, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/10 16:12:35.401631, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.401890, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/10 16:12:35.402478, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.402828, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.403142, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/10 16:12:35.403429, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 16:12:35.403786, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/10 16:12:35.404072, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/10 16:12:35.404368, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.404624, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/10 16:12:35.405141, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.405500, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.405814, 7] 
registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/10 16:12:35.406099, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 16:12:35.406455, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.406747, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.407043, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.407300, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.407763, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.408256, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.408638, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [tprint] [2012/08/10 16:12:35.408935, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 16:12:35.409304, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.409608, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.409917, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.410179, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.410605, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] not found [2012/08/10 16:12:35.410912, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.411229, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/10 16:12:35.411970, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.412875, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 484B4C4D5C534F465457 [2012/08/10 16:12:35.413202, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x100a89f30 [2012/08/10 16:12:35.413580, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 484B4C4D5C534F465457 [2012/08/10 16:12:35.414296, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/10 16:12:35.415371, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 53414D42415F534F5254 [2012/08/10 16:12:35.415710, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x100a8ae10 [2012/08/10 16:12:35.416067, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 53414D42415F534F5254 [2012/08/10 16:12:35.417042, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [tprint] [2012/08/10 16:12:35.417339, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/10 16:12:35.417712, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.418018, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.418328, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/10 16:12:35.418650, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.419112, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.419427, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.420013, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/10 16:12:35.460902, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/10 16:12:35.461248, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. [2012/08/10 16:12:35.462538, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 10000000-0000-0000-2550-6395cd300000 action_taken : * action_taken : REG_CREATED_NEW_KEY (1) result : WERR_OK [2012/08/10 16:12:35.464353, 8] rpc_client/cli_winreg_spoolss.c:284(winreg_printer_openkey) winreg_printer_openkey: createkey created SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint [2012/08/10 16:12:35.464813, 4] rpc_client/init_spoolss.c:380(spoolss_create_default_secdesc) construct_default_printer_sdb: size = 176. 
[2012/08/10 16:12:35.465476, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 10000000-0000-0000-2550-6395cd300000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(176) size : 0x000000b0 (176) 
[2012/08/10 16:12:35.504954, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.506345, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint:Security] [2012/08/10 16:12:35.506753, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint' (ops 100a342a8) [2012/08/10 16:12:35.507082, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.507568, 10] registry/reg_backend_db.c:1854(regdb_store_values_internal) regdb_store_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\tprint] [2012/08/10 16:12:35.508060, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/10 16:12:35.509004, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 53414D42415F52454756 [2012/08/10 16:12:35.509317, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x100a8b420 [2012/08/10 16:12:35.509771, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 53414D42415F52454756 [2012/08/10 16:12:35.592567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/10 16:12:35.593361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 10000000-0000-0000-2550-6395cd300000 [2012/08/10 16:12:35.594604, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.595897, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. [2012/08/10 16:12:35.597197, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/10 16:12:35.597479, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/10 16:12:35.597793, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/10 16:12:35.599323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0f000000-0000-0000-2550-6395cd300000 [2012/08/10 16:12:35.600649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. [2012/08/10 16:12:35.601929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.603204, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/10 16:12:35.603481, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/08/10 16:12:35.603791, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/10 16:12:35.605293, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2012/08/10 16:12:35.605634, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/08/10 16:12:35.605944, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/08/10 16:12:35.606253, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/08/10 16:12:35.606563, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/08/10 16:12:35.606878, 4] printing/nt_printing.c:1793(print_access_check) access check was FAILURE [2012/08/10 16:12:35.607402, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/08/10 16:12:35.607834, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/10 16:12:35.608177, 3] rpc_server/spoolss/srv_spoolss_nt.c:1904(_spoolss_OpenPrinterEx) access DENIED for printer open [2012/08/10 16:12:35.608524, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. 
[2012/08/10 16:12:35.609789, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 25 50 63 95 ........ ....%Pc. [0010] CD 30 00 00 .0.. [2012/08/10 16:12:35.611048, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/10 16:12:35.611321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_ACCESS_DENIED [2012/08/10 16:12:35.612829, 5] smbd/files.c:482(file_free) freed files structure 13742 (0 used) [2012/08/10 16:12:35.613148, 10] smbd/open.c:3431(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2012/08/10 16:12:35.613436, 10] smbd/open.c:3704(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2012/08/10 16:12:35.613728, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=45 (SMBopenX) NT_STATUS_ACCESS_DENIED [2012/08/10 16:12:35.614085, 5] lib/util.c:332(show_msg) [2012/08/10 16:12:35.614265, 5] lib/util.c:342(show_msg) size=35 smb_com=0x2d smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=12492 smb_uid=100 smb_mid=11 smt_wct=0 smb_bcc=0 [2012/08/10 16:12:35.615364, 10] ../lib/util/util.c:415(dump_data)