The Samba-Bugzilla – Attachment 8426 Details for Bug 9561: Samba 3.6.10 as domain member is no longer recognizing valid users
new full level 10 log
proserver.hawking.log (text/plain), 397.56 KB, created by Chris Smith on 2013-01-14 20:38:26 UTC
>[2013/01/14 15:31:45.007400, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.007594, 5] smbd/reply.c:614(reply_special) > init msg_type=0x81 msg_flags=0x0 >[2013/01/14 15:31:45.008178, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 170 >[2013/01/14 15:31:45.008262, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xaa >[2013/01/14 15:31:45.008324, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 174 (0 toread) >[2013/01/14 15:31:45.008386, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.008424, 5] lib/util.c:342(show_msg) > size=170 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=3 > smb_tid=0 > smb_pid=51966 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=135 >[2013/01/14 15:31:45.008775, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 58 45 4E 49 58 20 43 RAM 1.0. .XENIX C > [0020] 4F 52 45 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E ORE..MIC ROSOFT N > [0030] 45 54 57 4F 52 4B 53 20 31 2E 30 33 00 02 4C 41 ETWORKS 1.03..LA > [0040] 4E 4D 41 4E 31 2E 30 00 02 57 69 6E 64 6F 77 73 NMAN1.0. .Windows > [0050] 20 66 6F 72 20 57 6F 72 6B 67 72 6F 75 70 73 20 for Wor kgroups > [0060] 33 2E 31 61 00 02 4C 4D 31 2E 32 58 30 30 32 00 3.1a..LM 1.2X002. > [0070] 02 4C 41 4E 4D 41 4E 32 2E 31 00 02 4E 54 20 4C .LANMAN2 .1..NT L > [0080] 4D 20 30 2E 31 32 00 M 0.12. 
>[2013/01/14 15:31:45.009420, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 28678) conn 0x0 >[2013/01/14 15:31:45.009488, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.009556, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.009621, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.009736, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:45.010275, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2013/01/14 15:31:45.010370, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [XENIX CORE] >[2013/01/14 15:31:45.010435, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2013/01/14 15:31:45.010499, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2013/01/14 15:31:45.010564, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Windows for Workgroups 3.1a] >[2013/01/14 15:31:45.010628, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2013/01/14 15:31:45.010692, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2013/01/14 15:31:45.010756, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2013/01/14 15:31:45.010824, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'WinNT' >[2013/01/14 15:31:45.010922, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.011067, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 06700000FFFFFFFF >[2013/01/14 15:31:45.011154, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8d29860 
>[2013/01/14 15:31:45.011225, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 06700000FFFFFFFF >[2013/01/14 15:31:45.011323, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.011472, 10] smbd/negprot.c:44(get_challenge) > get challenge: creating negprot_global_auth_context >[2013/01/14 15:31:45.011537, 5] auth/auth.c:475(make_auth_context_subsystem) > Making default auth method list for security=domain >[2013/01/14 15:31:45.011680, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam >[2013/01/14 15:31:45.011744, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam' >[2013/01/14 15:31:45.011805, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam_ignoredomain >[2013/01/14 15:31:45.011867, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' >[2013/01/14 15:31:45.011931, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend unix >[2013/01/14 15:31:45.011993, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'unix' >[2013/01/14 15:31:45.012055, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend winbind >[2013/01/14 15:31:45.012117, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'winbind' >[2013/01/14 15:31:45.012181, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend wbc >[2013/01/14 15:31:45.012243, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'wbc' >[2013/01/14 15:31:45.012307, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend smbserver >[2013/01/14 15:31:45.012369, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'smbserver' >[2013/01/14 15:31:45.012432, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend 
trustdomain >[2013/01/14 15:31:45.012495, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'trustdomain' >[2013/01/14 15:31:45.012556, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend ntdomain >[2013/01/14 15:31:45.012619, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'ntdomain' >[2013/01/14 15:31:45.012680, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend guest >[2013/01/14 15:31:45.012743, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'guest' >[2013/01/14 15:31:45.012804, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2013/01/14 15:31:45.012867, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method guest has a valid init >[2013/01/14 15:31:45.012929, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2013/01/14 15:31:45.012992, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method sam has a valid init >[2013/01/14 15:31:45.013054, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match winbind:ntdomain >[2013/01/14 15:31:45.013119, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match ntdomain >[2013/01/14 15:31:45.013182, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method ntdomain has a valid init >[2013/01/14 15:31:45.013243, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method winbind has a valid init >[2013/01/14 15:31:45.013305, 10] smbd/negprot.c:52(get_challenge) > get challenge: getting challenge >[2013/01/14 15:31:45.013368, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module guest did not want to specify a challenge >[2013/01/14 15:31:45.013431, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module sam did not want to specify a challenge 
>[2013/01/14 15:31:45.013493, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module winbind did not want to specify a challenge >[2013/01/14 15:31:45.013583, 5] auth/auth.c:134(get_ntlm_challenge) > auth_context challenge created by random >[2013/01/14 15:31:45.013644, 5] auth/auth.c:135(get_ntlm_challenge) > challenge is: >[2013/01/14 15:31:45.013707, 5] ../lib/util/util.c:415(dump_data) > [0000] 64 4C F2 4A F4 EC 1F D9 dL.J.... >[2013/01/14 15:31:45.013816, 3] smbd/negprot.c:401(reply_nt1) > not using SPNEGO >[2013/01/14 15:31:45.013907, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LM 0.12 >[2013/01/14 15:31:45.013969, 5] smbd/negprot.c:711(reply_negprot) > negprot index=7 >[2013/01/14 15:31:45.014031, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.014067, 5] lib/util.c:342(show_msg) > size=95 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=16387 > smb_tid=0 > smb_pid=51966 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 1536 (0x600) > smb_vwv[ 8]= 112 (0x70) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 227 (0xE3) > smb_vwv[11]=16640 (0x4100) > smb_vwv[12]=23694 (0x5C8E) > smb_vwv[13]=38443 (0x962B) > smb_vwv[14]=52722 (0xCDF2) > smb_vwv[15]=11265 (0x2C01) > smb_vwv[16]= 2049 (0x801) > smb_bcc=26 >[2013/01/14 15:31:45.014882, 10] ../lib/util/util.c:415(dump_data) > [0000] 64 4C F2 4A F4 EC 1F D9 57 00 41 00 52 00 47 00 dL.J.... W.A.R.G. > [0010] 41 00 4D 00 45 00 53 00 00 00 A.M.E.S. .. 
>[2013/01/14 15:31:45.016713, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 180 >[2013/01/14 15:31:45.016792, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2013/01/14 15:31:45.016854, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 184 (0 toread) >[2013/01/14 15:31:45.016917, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.016952, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=0 > smb_mid=0 > smt_wct=13 > smb_vwv[ 0]= 117 (0x75) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=28678 (0x7006) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1 (0x1) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 212 (0xD4) > smb_vwv[12]= 0 (0x0) > smb_bcc=71 >[2013/01/14 15:31:45.017656, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .....W.i .n.d.o.w > [0010] 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 38 .s. .N.T . .1.3.8 > [0020] 00 31 00 00 00 00 00 57 00 69 00 6E 00 64 00 6F .1.....W .i.n.d.o > [0030] 00 77 00 73 00 20 00 4E 00 54 00 20 00 34 00 2E .w.s. .N .T. .4.. > [0040] 00 30 00 00 00 00 00 .0..... 
>[2013/01/14 15:31:45.018045, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 28678) conn 0x0 >[2013/01/14 15:31:45.018110, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.018173, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.018234, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.018339, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:45.018408, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=13 flg2=0x8003 >[2013/01/14 15:31:45.018495, 3] smbd/sesssetup.c:1536(reply_sesssetup_and_X) > Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] PrimaryDomain=[Windows NT 4.0] >[2013/01/14 15:31:45.018560, 2] smbd/sesssetup.c:1279(setup_new_vc_session) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
>[2013/01/14 15:31:45.018623, 3] smbd/sesssetup.c:1552(reply_sesssetup_and_X) > sesssetupX:name=[]\[]@[proserver] >[2013/01/14 15:31:45.018724, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.018855, 3] smbd/sesssetup.c:151(check_guest_password) > Got anonymous request >[2013/01/14 15:31:45.018917, 5] auth/auth.c:475(make_auth_context_subsystem) > Making default auth method list for security=domain >[2013/01/14 15:31:45.019026, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2013/01/14 15:31:45.019089, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method guest has a valid init >[2013/01/14 15:31:45.019151, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2013/01/14 15:31:45.019214, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method sam has a valid init >[2013/01/14 15:31:45.019276, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match winbind:ntdomain >[2013/01/14 15:31:45.019340, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match ntdomain >[2013/01/14 15:31:45.019403, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method ntdomain has a valid init >[2013/01/14 15:31:45.019464, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method winbind has a valid init >[2013/01/14 15:31:45.019530, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for () >[2013/01/14 15:31:45.019595, 5] auth/user_info.c:70(make_user_info) > making strings for 's user_info struct >[2013/01/14 15:31:45.019658, 5] auth/user_info.c:87(make_user_info) > making blobs for 's user_info struct >[2013/01/14 15:31:45.019720, 10] auth/user_info.c:123(make_user_info) > made a 
user_info for () >[2013/01/14 15:31:45.019782, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface >[2013/01/14 15:31:45.019844, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: []\[]@[] >[2013/01/14 15:31:45.019906, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by fixed >[2013/01/14 15:31:45.019967, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2013/01/14 15:31:45.020027, 5] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 ........ >[2013/01/14 15:31:45.020132, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [] >[2013/01/14 15:31:45.020220, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: guest authentication for user [] succeeded >[2013/01/14 15:31:45.020283, 5] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >[2013/01/14 15:31:45.020365, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2013/01/14 15:31:45.020433, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (65534,65534) nobody nobody HAWKING guest=1 >[2013/01/14 15:31:45.020497, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: nobody Real name: >[2013/01/14 15:31:45.020559, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 >[2013/01/14 15:31:45.020651, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.020779, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 28678) conn 0x0 >[2013/01/14 15:31:45.020845, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - 
sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.020907, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.020967, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.021063, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:45.021134, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [IPC$] >[2013/01/14 15:31:45.021256, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2013/01/14 15:31:45.021335, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.7.2 (192.168.7.2) >[2013/01/14 15:31:45.021421, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2013/01/14 15:31:45.021483, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2013/01/14 15:31:45.021555, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! 
>[2013/01/14 15:31:45.021635, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2013/01/14 15:31:45.021702, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2013/01/14 15:31:45.021805, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2013/01/14 15:31:45.021895, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2013/01/14 15:31:45.021970, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2013/01/14 15:31:45.022037, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2013/01/14 15:31:45.022100, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2013/01/14 15:31:45.022166, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2013/01/14 15:31:45.022229, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2013/01/14 15:31:45.022290, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2013/01/14 15:31:45.022354, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2013/01/14 15:31:45.022449, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2013/01/14 15:31:45.022674, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 06700000FFFFFFFFB069 >[2013/01/14 15:31:45.022751, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8d2a0a0 >[2013/01/14 15:31:45.022890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 06700000FFFFFFFFB069 >[2013/01/14 15:31:45.023174, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, 
connectpath = /tmp >[2013/01/14 15:31:45.023256, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user nobody >[2013/01/14 15:31:45.023323, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >[2013/01/14 15:31:45.023404, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2013/01/14 15:31:45.023489, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.023557, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (8): > SID[ 0]: S-1-22-1-65534 > SID[ 1]: S-1-22-2-65534 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-22-2-300002 > SID[ 6]: S-1-22-2-300003 > SID[ 7]: S-1-22-2-300170 > Privileges (0x 0): > Rights (0x 0): >[2013/01/14 15:31:45.023923, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 65534 > Primary group is 65534 and contains 4 supplementary groups > Group[ 0]: 65534 > Group[ 1]: 300002 > Group[ 2]: 300003 > Group[ 3]: 300170 >[2013/01/14 15:31:45.024136, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,65534), gid=(0,65534) >[2013/01/14 15:31:45.024205, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.024267, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.024370, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.024468, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:45.024541, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2013/01/14 15:31:45.024626, 3] 
smbd/service.c:1114(make_connection_snum) > proserver (192.168.7.2) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 28678) >[2013/01/14 15:31:45.024710, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2013/01/14 15:31:45.025548, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 222 >[2013/01/14 15:31:45.025623, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xde >[2013/01/14 15:31:45.025686, 3] smbd/process.c:1662(process_smb) > Transaction 2 of length 226 (0 toread) >[2013/01/14 15:31:45.025749, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.025785, 5] lib/util.c:342(show_msg) > size=222 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=0 > smb_mid=64 > smt_wct=13 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 222 (0xDE) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=28678 (0x7006) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 24 (0x18) > smb_vwv[ 8]= 24 (0x18) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 212 (0xD4) > smb_vwv[12]= 0 (0x0) > smb_bcc=161 >[2013/01/14 15:31:45.026525, 10] ../lib/util/util.c:415(dump_data) > [0000] 81 6B CA B2 AC 6B F0 F1 E5 AA 08 22 E0 C7 A0 53 .k...k.. ..."...S > [0010] D9 11 C3 1C 70 8F A4 EE B4 58 8E 3D 7C C8 2D 2B ....p... .X.=|.-+ > [0020] 7C 53 6B DD 66 20 3E EF BB 8A 1E 13 0B 48 EC 08 |Sk.f >. .....H.. > [0030] 00 61 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 .a.d.m.i .n.i.s.t > [0040] 00 72 00 61 00 74 00 6F 00 72 00 00 00 57 00 41 .r.a.t.o .r...W.A > [0050] 00 52 00 47 00 41 00 4D 00 45 00 53 00 00 00 57 .R.G.A.M .E.S...W > [0060] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4E .i.n.d.o .w.s. .N > [0070] 00 54 00 20 00 31 00 33 00 38 00 31 00 00 00 00 .T. .1.3 .8.1.... > [0080] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [0090] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 00 .N.T. .4 ...0.... 
> [00A0] 00 . >[2013/01/14 15:31:45.027298, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 28678) conn 0x0 >[2013/01/14 15:31:45.027363, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.027426, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.027487, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.027584, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:45.027648, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=13 flg2=0x8003 >[2013/01/14 15:31:45.027722, 3] smbd/sesssetup.c:1536(reply_sesssetup_and_X) > Domain=[WARGAMES] NativeOS=[Windows NT 1381] NativeLanMan=[] PrimaryDomain=[Windows NT 4.0] >[2013/01/14 15:31:45.027788, 3] smbd/sesssetup.c:1552(reply_sesssetup_and_X) > sesssetupX:name=[WARGAMES]\[administrator]@[proserver] >[2013/01/14 15:31:45.027891, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.028046, 4] auth/user_util.c:361(map_username) > Scanning username map /etc/samba/smbusers >[2013/01/14 15:31:45.028137, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user administrator in list >[2013/01/14 15:31:45.028203, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |administrator| against |administrator| >[2013/01/14 15:31:45.028312, 3] auth/user_util.c:402(map_username) > Mapped user administrator to root >[2013/01/14 15:31:45.028380, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user administrator in list >[2013/01/14 15:31:45.028441, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |administrator| against |guest| >[2013/01/14 15:31:45.028519, 
5] auth/auth_util.c:110(make_user_info_map) > Mapping user [WARGAMES]\[administrator] from workstation [proserver] >[2013/01/14 15:31:45.030280, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for root (administrator) >[2013/01/14 15:31:45.030355, 5] auth/user_info.c:70(make_user_info) > making strings for root's user_info struct >[2013/01/14 15:31:45.030421, 5] auth/user_info.c:87(make_user_info) > making blobs for root's user_info struct >[2013/01/14 15:31:45.030485, 10] auth/user_info.c:123(make_user_info) > made a user_info for root (administrator) >[2013/01/14 15:31:45.030549, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [WARGAMES]\[administrator]@[proserver] with the new password interface >[2013/01/14 15:31:45.030618, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [WARGAMES]\[root]@[proserver] >[2013/01/14 15:31:45.030681, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2013/01/14 15:31:45.030744, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2013/01/14 15:31:45.030805, 5] ../lib/util/util.c:415(dump_data) > [0000] 64 4C F2 4A F4 EC 1F D9 dL.J.... 
>[2013/01/14 15:31:45.030914, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [root] >[2013/01/14 15:31:45.030976, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2013/01/14 15:31:45.031046, 10] auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [root] >[2013/01/14 15:31:45.031107, 8] lib/util.c:1521(is_myname) > is_myname("WARGAMES") returns 0 >[2013/01/14 15:31:45.031170, 6] auth/auth_sam.c:88(auth_samstrict_auth) > check_samstrict_security: WARGAMES is not one of my local names (ROLE_DOMAIN_MEMBER) >[2013/01/14 15:31:45.031236, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: sam had nothing to say >[2013/01/14 15:31:45.031305, 10] auth/auth_winbind.c:50(check_winbind_security) > Check auth for: [root] >[2013/01/14 15:31:45.031369, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:45.031435, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.031498, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:45.031562, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.031623, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.056976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.057136, 4] auth/user_util.c:361(map_username) > Scanning username map /etc/samba/smbusers >[2013/01/14 15:31:45.057223, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user WARGAMES\administrator in list >[2013/01/14 15:31:45.057287, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |WARGAMES\administrator| against |administrator| >[2013/01/14 15:31:45.057356, 10] auth/user_util.c:195(user_in_list) > user_in_list: 
checking user WARGAMES\administrator in list >[2013/01/14 15:31:45.057418, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |WARGAMES\administrator| against |guest| >[2013/01/14 15:31:45.057502, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user WARGAMES\administrator >[2013/01/14 15:31:45.057566, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is wargames\administrator >[2013/01/14 15:31:45.077959, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [WARGAMES\administrator]! >[2013/01/14 15:31:45.078077, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: winbind authentication for user [administrator] succeeded >[2013/01/14 15:31:45.078152, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:45.078220, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.078284, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:45.078347, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.078410, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.078528, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.078592, 5] auth/auth.c:296(check_ntlm_password) > check_ntlm_password: PAM Account for user [WARGAMES\administrator] succeeded >[2013/01/14 15:31:45.078656, 2] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: authentication for user [administrator] -> [root] -> [WARGAMES\administrator] succeeded >[2013/01/14 15:31:45.079131, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\administrator => domain=[WARGAMES], name=[administrator] >[2013/01/14 15:31:45.079203, 10] passdb/lookup_sid.c:77(lookup_name) > 
lookup_name: flags = 0x073 >[2013/01/14 15:31:45.081923, 10] passdb/lookup_sid.c:1573(sid_to_uid) > sid S-1-5-21-546846319-217595157-9522986-500 -> uid 2500 >[2013/01/14 15:31:45.082035, 10] passdb/lookup_sid.c:1635(sid_to_gid) > sid S-1-5-21-546846319-217595157-9522986-513 -> gid 2513 >[2013/01/14 15:31:45.082114, 10] auth/token_util.c:339(create_local_nt_token) > Create local NT token for S-1-5-21-546846319-217595157-9522986-500 >[2013/01/14 15:31:45.082196, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:45.082263, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.082326, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:45.082389, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:45.082449, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:45.082705, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.082792, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-546846319-217595157-9522986-500] >[2013/01/14 15:31:45.082876, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-546846319-217595157-9522986-513] >[2013/01/14 15:31:45.082955, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-2513] >[2013/01/14 15:31:45.083033, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2013/01/14 15:31:45.083133, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2013/01/14 15:31:45.083208, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID 
[S-1-5-11] >[2013/01/14 15:31:45.083392, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-546846319-217595157-9522986-500 > SID[ 1]: S-1-5-21-546846319-217595157-9522986-513 > SID[ 2]: S-1-22-2-2513 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-2500 > SID[ 7]: S-1-22-2-300002 > SID[ 8]: S-1-22-2-300003 > SID[ 9]: S-1-22-2-300004 > Privileges (0x 0): > Rights (0x 0): >[2013/01/14 15:31:45.083876, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2500 > Primary group is 2513 and contains 4 supplementary groups > Group[ 0]: 2513 > Group[ 1]: 300002 > Group[ 2]: 300003 > Group[ 3]: 300004 >[2013/01/14 15:31:45.084098, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 101 >[2013/01/14 15:31:45.084165, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (2500,2513) WARGAMES\administrator administrator WARGAMES guest=0 >[2013/01/14 15:31:45.084230, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: WARGAMES\administrator Real name: >[2013/01/14 15:31:45.084292, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 2500 is UNIX user WARGAMES\administrator, and will be vuid 101 >[2013/01/14 15:31:45.084377, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F32383637382F31 >[2013/01/14 15:31:45.084457, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8d26018 >[2013/01/14 15:31:45.084594, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F32383637382F31 >[2013/01/14 15:31:45.084696, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find WARGAMES\administrator >[2013/01/14 15:31:45.084760, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user WARGAMES\administrator >[2013/01/14 15:31:45.084824, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), 
username as lowercase is wargames\administrator >[2013/01/14 15:31:45.084890, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [WARGAMES\administrator]! >[2013/01/14 15:31:45.084953, 3] smbd/password.c:238(register_homes_share) > Adding homes service for user 'WARGAMES\administrator' using home directory: '/home/WARGAMES/administrator' >[2013/01/14 15:31:45.085037, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2013/01/14 15:31:45.085163, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jan 14 15:30:48 2013 > >[2013/01/14 15:31:45.086881, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:45.086959, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x64 >[2013/01/14 15:31:45.087022, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 104 (0 toread) >[2013/01/14 15:31:45.087084, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.087120, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=128 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:45.088120, 10] ../lib/util/util.c:415(dump_data) > [0000] A4 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 
00 .\.s.r.v .s.v.c.. > [0010] 00 . >[2013/01/14 15:31:45.088279, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:45.088353, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user WARGAMES\administrator >[2013/01/14 15:31:45.088422, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user WARGAMES\administrator >[2013/01/14 15:31:45.088568, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2013/01/14 15:31:45.088663, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:45.088731, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-546846319-217595157-9522986-500 > SID[ 1]: S-1-5-21-546846319-217595157-9522986-513 > SID[ 2]: S-1-22-2-2513 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-2500 > SID[ 7]: S-1-22-2-300002 > SID[ 8]: S-1-22-2-300003 > SID[ 9]: S-1-22-2-300004 > Privileges (0x 0): > Rights (0x 0): >[2013/01/14 15:31:45.089156, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2500 > Primary group is 2513 and contains 4 supplementary groups > Group[ 0]: 2513 > Group[ 1]: 300002 > Group[ 2]: 300003 > Group[ 3]: 300004 >[2013/01/14 15:31:45.089373, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,2500), gid=(0,2513) >[2013/01/14 15:31:45.089446, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2013/01/14 15:31:45.089558, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:45.089634, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe 
\srvsvc. >[2013/01/14 15:31:45.089728, 5] smbd/files.c:140(file_new) > allocated file structure 6967, fnum = 11063 (1 used) >[2013/01/14 15:31:45.089808, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:45.089897, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:45.089986, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:45.090049, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:45.090127, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:45.090195, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:45.090730, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:45.090909, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:45.090974, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 160 (0 toread) >[2013/01/14 15:31:45.091037, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.091072, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=192 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11063 (0x2B37) > smb_bcc=89 >[2013/01/14 15:31:45.091852, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 
00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 0B 00 10 00 00 00 48 00 00 00 00 00 00 ........ .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:45.092388, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:45.092457, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:45.092547, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:45.092617, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:45.092677, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:45.092743, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:45.092806, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b37) >[2013/01/14 15:31:45.092871, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:45.092937, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:45.093007, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:45.093072, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:45.093136, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:45.093201, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:45.093262, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: 
data_left = 56 >[2013/01/14 15:31:45.093323, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:45.093393, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:45.093454, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:45.093515, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:45.093584, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:45.093681, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000000 (0) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:45.094783, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:45.094850, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:45.094915, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:45.094979, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:45.095047, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:45.095140, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000000 (0) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:45.096149, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:45.096245, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:45.096342, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:45.096409, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:45.096501, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:45.096569, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:45.096633, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.096669, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=192 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:45.097286, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 00 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:45.099187, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2013/01/14 15:31:45.099332, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2013/01/14 15:31:45.099395, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 176 (0 toread) >[2013/01/14 15:31:45.099458, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.099493, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=256 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11063 (0x2B37) > smb_bcc=105 >[2013/01/14 15:31:45.100276, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ?....... .X...... > [0020] 00 40 00 00 00 00 00 10 00 D0 F7 83 01 0A 00 00 .@...... ........ > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 06 00 00 .w.k.i.n .g...... > [0050] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0060] 00 66 00 00 00 01 00 00 00 .f...... . 
>[2013/01/14 15:31:45.100788, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:45.100853, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:45.100926, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2013/01/14 15:31:45.100993, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:45.101052, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:45.101115, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:45.101177, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b37) >[2013/01/14 15:31:45.101241, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:45.101306, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2013/01/14 15:31:45.101371, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2013/01/14 15:31:45.101433, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2013/01/14 15:31:45.101497, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:45.101565, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:45.101626, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:45.101687, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:45.101752, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:45.101813, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 72 >[2013/01/14 15:31:45.101874, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2013/01/14 15:31:45.101939, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:45.102017, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0010 (16) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] D0 F7 83 01 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 06 00 00 00 00 00 00 00 06 00 00 00 g....... ........ > [0030] 73 00 74 00 75 00 66 00 66 00 00 00 01 00 00 00 s.t.u.f. f....... >[2013/01/14 15:31:45.103183, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:45.103246, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:45.103312, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:45.103378, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >[2013/01/14 15:31:45.103448, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[16].fn == 0xb71a3660 >[2013/01/14 15:31:45.103524, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\Hawking' > share_name : 'stuff' > level : 0x00000001 (1) >[2013/01/14 15:31:45.108179, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1440(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1440 >[2013/01/14 15:31:45.108286, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1510(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1510 >[2013/01/14 15:31:45.108348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'stuff' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Assorted files' > result : WERR_OK >[2013/01/14 15:31:45.108830, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:45.108898, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2013/01/14 15:31:45.108991, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:45.109056, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 92. 
>[2013/01/14 15:31:45.109139, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0074 (116) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000005c (92) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=92 > [0000] 01 00 00 00 04 00 02 00 08 00 02 00 00 00 00 00 ........ ........ > [0010] 0C 00 02 00 06 00 00 00 00 00 00 00 06 00 00 00 ........ ........ > [0020] 73 00 74 00 75 00 66 00 66 00 00 00 0F 00 00 00 s.t.u.f. f....... > [0030] 00 00 00 00 0F 00 00 00 41 00 73 00 73 00 6F 00 ........ A.s.s.o. > [0040] 72 00 74 00 65 00 64 00 20 00 66 00 69 00 6C 00 r.t.e.d. .f.i.l. > [0050] 65 00 73 00 00 00 00 00 00 00 00 00 e.s..... .... >[2013/01/14 15:31:45.110466, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 66 >[2013/01/14 15:31:45.110546, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 116 bytes. 
There is no more data outstanding >[2013/01/14 15:31:45.110614, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2013/01/14 15:31:45.110678, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.110713, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=256 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2013/01/14 15:31:45.111332, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [0010] 00 5C 00 00 00 00 00 00 00 01 00 00 00 04 00 02 .\...... ........ > [0020] 00 08 00 02 00 00 00 00 00 0C 00 02 00 06 00 00 ........ ........ > [0030] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0040] 00 66 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 .f...... ........ > [0050] 00 41 00 73 00 73 00 6F 00 72 00 74 00 65 00 64 .A.s.s.o .r.t.e.d > [0060] 00 20 00 66 00 69 00 6C 00 65 00 73 00 00 00 00 . .f.i.l .e.s.... > [0070] 00 00 00 00 00 ..... 
>[2013/01/14 15:31:45.112331, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:45.112403, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:45.112466, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 46 (0 toread) >[2013/01/14 15:31:45.112529, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.112564, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=320 > smt_wct=3 > smb_vwv[ 0]=11063 (0x2B37) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:45.112994, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:45.113032, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:45.113097, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:45.113166, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11063 (numopen=1) >[2013/01/14 15:31:45.113232, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:45.113371, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:45.113446, 5] smbd/files.c:482(file_free) > freed files structure 11063 (0 used) >[2013/01/14 15:31:45.113511, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:45.113546, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=320 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:45.113895, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:48.983050, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:48.983147, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x64 >[2013/01/14 15:31:48.983210, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 104 (0 toread) >[2013/01/14 15:31:48.983272, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:48.983307, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=384 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:48.984304, 10] ../lib/util/util.c:415(dump_data) > [0000] A4 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [0010] 00 . >[2013/01/14 15:31:48.984462, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:48.984528, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:48.984605, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:48.984678, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:48.984748, 5] smbd/files.c:140(file_new) > allocated file structure 6968, fnum = 11064 (1 used) >[2013/01/14 15:31:48.984822, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:48.984900, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:48.984975, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:48.985038, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:48.985123, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:48.985190, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:48.986752, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:48.986823, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:48.986885, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 160 (0 toread) >[2013/01/14 15:31:48.986948, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:48.986983, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11064 (0x2B38) > smb_bcc=89 >[2013/01/14 15:31:48.987813, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:48.988252, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:48.988317, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:48.988388, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:48.988455, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:48.988514, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:48.988577, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:48.988638, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b38) >[2013/01/14 15:31:48.988702, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:48.988767, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:48.988831, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:48.988893, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:48.988957, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:48.989022, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:48.989083, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:48.989145, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:48.989210, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:48.989271, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:48.989332, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:48.989397, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:48.989477, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:48.990562, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:48.990626, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:48.990689, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:48.990751, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:48.990815, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:48.990902, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:48.991904, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:48.991990, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:48.992054, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:48.992122, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:48.992196, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:48.992262, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:48.992355, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:48.992391, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:48.993009, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:48.993783, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2013/01/14 15:31:48.993855, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2013/01/14 15:31:48.993917, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 176 (0 toread) >[2013/01/14 15:31:48.993979, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:48.994014, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11064 (0x2B38) > smb_bcc=105 >[2013/01/14 15:31:48.994795, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ?....... .X...... > [0020] 00 40 00 00 00 00 00 0F 00 FC 33 8E 00 0A 00 00 .@...... ..3..... > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 01 00 00 .w.k.i.n .g...... > [0050] 00 01 00 00 00 00 F6 98 01 00 00 00 00 00 00 00 ........ ........ > [0060] 00 FF FF FF FF 00 00 00 00 ........ . 
>[2013/01/14 15:31:48.995301, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:48.995365, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:48.995435, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2013/01/14 15:31:48.995501, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:48.995561, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:48.995623, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:48.995684, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b38) >[2013/01/14 15:31:48.995749, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:48.995813, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2013/01/14 15:31:48.995875, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2013/01/14 15:31:48.995937, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2013/01/14 15:31:48.996000, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:48.996065, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:48.996169, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:48.996230, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:48.996312, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:48.996374, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 72 >[2013/01/14 15:31:48.996435, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2013/01/14 15:31:48.996500, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:48.996572, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x000f (15) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] FC 33 8E 00 0A 00 00 00 00 00 00 00 0A 00 00 00 .3...... ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 01 00 00 00 01 00 00 00 00 F6 98 01 g....... ........ > [0030] 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 ........ ........ >[2013/01/14 15:31:48.997697, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:48.997759, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:48.997824, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:48.997888, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0xf - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL >[2013/01/14 15:31:48.997956, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[15].fn == 0xb71a3960 >[2013/01/14 15:31:48.998044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll > in: struct srvsvc_NetShareEnumAll > server_unc : * > server_unc : '\\Hawking' > info_ctr : * > info_ctr: struct srvsvc_NetShareInfoCtr > level : 0x00000001 (1) > ctr : union srvsvc_NetShareCtr(case 1) > ctr1 : * > ctr1: struct srvsvc_NetShareCtr1 > count : 0x00000000 (0) > array : NULL > max_buffer : 0xffffffff (4294967295) > resume_handle : NULL >[2013/01/14 15:31:48.998547, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1381(_srvsvc_NetShareEnumAll) > _srvsvc_NetShareEnumAll: 1381 >[2013/01/14 15:31:48.998613, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:567(init_srv_share_info_ctr) > init_srv_share_info_ctr >[2013/01/14 15:31:48.998707, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2500, 2513) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:48.998780, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:48.998843, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:48.998905, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:48.998967, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:48.999080, 8] smbd/service.c:248(load_registry_shares) > load_registry_shares() >[2013/01/14 15:31:48.999149, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:48.999215, 10] 
rpc_server/srvsvc/srv_srvsvc_nt.c:590(init_srv_share_info_ctr) > NOT counting service printers >[2013/01/14 15:31:48.999285, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service print$ >[2013/01/14 15:31:48.999350, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service backup >[2013/01/14 15:31:48.999415, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service stuff >[2013/01/14 15:31:48.999481, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service pdf >[2013/01/14 15:31:48.999545, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service IPC$ >[2013/01/14 15:31:48.999611, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service Virtual_Printer-HC.A >[2013/01/14 15:31:48.999677, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service Virtual_Printer-HC.W >[2013/01/14 15:31:48.999742, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service Landscape_PDF-HC.A >[2013/01/14 15:31:48.999808, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service HP4250-HC.A >[2013/01/14 15:31:48.999874, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service ES283-HC.A >[2013/01/14 15:31:49.000034, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1395(_srvsvc_NetShareEnumAll) > _srvsvc_NetShareEnumAll: 1395 >[2013/01/14 15:31:49.000097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll > out: struct srvsvc_NetShareEnumAll > info_ctr : * > info_ctr: struct srvsvc_NetShareInfoCtr > level : 0x00000001 (1) > ctr : union srvsvc_NetShareCtr(case 1) > ctr1 : * > ctr1: struct srvsvc_NetShareCtr1 > count : 0x0000000a (10) > array : * > array: ARRAY(10) > array: struct srvsvc_NetShareInfo1 > name : * > name : 'print$' > type : STYPE_DISKTREE (0x0) > 
comment : * > comment : 'Printer Drivers' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'backup' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'backups' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'stuff' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Assorted files' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'pdf' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'pdf printer output' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'IPC$' > type : STYPE_IPC_HIDDEN (0x80000003) > comment : * > comment : 'IPC Service (hawking - the universe is expanding)' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Virtual_Printer-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'PDF Printer on Hawking' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Virtual_Printer-HC.W' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Virtual 'portrait' Printer' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Landscape_PDF-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Virtual Landscape PDF Printer' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'HP4250-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'HP LaserJet 4250tn' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'ES283-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Toshiba e-Studio 283' > totalentries : * > totalentries : 0x0000000a (10) > resume_handle : NULL > result : WERR_OK >[2013/01/14 15:31:49.002929, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:49.003002, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2013/01/14 15:31:49.003087, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:49.003151, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : 
data_sent_length = 0, p->out_data.rdata.length = 1104. >[2013/01/14 15:31:49.003233, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0468 (1128) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000450 (1104) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1104
>[2013/01/14 15:31:49.010610, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. 
There is more data outstanding >[2013/01/14 15:31:49.010675, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2013/01/14 15:31:49.010739, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2013/01/14 15:31:49.010804, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2013/01/14 15:31:49.010873, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.010908, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2013/01/14 15:31:49.011527, 10] ../lib/util/util.c:415(dump_data)
>[2013/01/14 15:31:49.015372, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 60 >[2013/01/14 15:31:49.015445, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3c >[2013/01/14 15:31:49.015507, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 64 (0 toread) >[2013/01/14 15:31:49.015570, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.015604, 5] lib/util.c:342(show_msg) > size=60 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32768 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=576 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=11064 (0x2B38) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 104 (0x68) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 104 (0x68) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2013/01/14 15:31:49.016279, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:49.016332, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.016397, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.016470, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 104 >[2013/01/14 15:31:49.016536, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 1128, current_pdu_sent = 1024 returning 104 bytes. >[2013/01/14 15:31:49.016605, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 619 >[2013/01/14 15:31:49.016723, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 104 bytes. 
There is more data outstanding >[2013/01/14 15:31:49.016787, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=104 max=104 nread=104 >[2013/01/14 15:31:49.017247, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:49.017317, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:49.017379, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 46 (0 toread) >[2013/01/14 15:31:49.017442, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.017477, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=640 > smt_wct=3 > smb_vwv[ 0]=11064 (0x2B38) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:49.017911, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:49.017948, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.018011, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.018075, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11064 (numopen=1) >[2013/01/14 15:31:49.018140, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:49.018217, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:49.018291, 5] smbd/files.c:482(file_free) > freed files structure 11064 (0 used) >[2013/01/14 15:31:49.018355, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.018391, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=640 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:49.018741, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:49.020569, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:49.020638, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x64 >[2013/01/14 15:31:49.020700, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 104 (0 toread) >[2013/01/14 15:31:49.020763, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.020798, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=704 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:49.021795, 10] ../lib/util/util.c:415(dump_data) > [0000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. > [0010] 00 . >[2013/01/14 15:31:49.021948, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.022011, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.022082, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:49.022189, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:49.022260, 5] smbd/files.c:140(file_new) > allocated file structure 6969, fnum = 11065 (1 used) >[2013/01/14 15:31:49.022333, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:49.022407, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:49.022479, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:49.022542, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:49.022623, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:49.022689, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:49.023087, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:49.023157, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:49.023219, 3] smbd/process.c:1662(process_smb) > Transaction 13 of length 160 (0 toread) >[2013/01/14 15:31:49.023282, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.023317, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=768 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11065 (0x2B39) > smb_bcc=89 >[2013/01/14 15:31:49.024098, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 0B 00 10 00 00 00 48 00 00 00 00 00 00 ?....... .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:49.024535, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.024600, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.024669, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:49.024736, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:49.024796, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:49.024857, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:49.024919, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b39) >[2013/01/14 15:31:49.024983, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:49.025046, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:49.025110, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:49.025172, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:49.025236, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:49.025301, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:49.025362, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:49.025460, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:49.025525, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:49.025586, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:49.025647, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:49.025712, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:49.025790, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000000 (0) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:49.026864, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:49.026928, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:49.026991, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:49.027053, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:49.027117, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:49.027201, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000000 (0) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:49.028234, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:49.028317, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:49.028382, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:49.028449, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:49.028524, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:49.028589, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:49.028653, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.028688, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=768 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:49.029306, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 00 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:49.031148, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 148 >[2013/01/14 15:31:49.031219, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x94 >[2013/01/14 15:31:49.031281, 3] smbd/process.c:1662(process_smb) > Transaction 14 of length 152 (0 toread) >[2013/01/14 15:31:49.031344, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.031379, 5] lib/util.c:342(show_msg) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11065 (0x2B39) > smb_bcc=81 >[2013/01/14 15:31:49.032159, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 40 00 00 00 01 00 00 ........ .@...... > [0020] 00 28 00 00 00 00 00 15 00 18 4A 17 00 0A 00 00 .(...... ..J..... > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 65 00 00 .w.k.i.n .g...e.. > [0050] 00 . 
>[2013/01/14 15:31:49.032584, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.032676, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.032747, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=64 params=0 setup=2 >[2013/01/14 15:31:49.032813, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:49.032873, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:49.032934, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:49.032996, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b39) >[2013/01/14 15:31:49.033060, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:49.033125, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 64 >[2013/01/14 15:31:49.033187, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2013/01/14 15:31:49.033249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 >[2013/01/14 15:31:49.033313, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:49.033377, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:49.033439, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 48 >[2013/01/14 15:31:49.033500, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 >[2013/01/14 15:31:49.033565, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:49.033626, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 48 >[2013/01/14 15:31:49.033687, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 >[2013/01/14 15:31:49.033752, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:49.033823, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0040 (64) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000028 (40) > context_id : 0x0000 (0) > opnum : 0x0015 (21) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=40 > [0000] 18 4A 17 00 0A 00 00 00 00 00 00 00 0A 00 00 00 .J...... ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 65 00 00 00 g...e... >[2013/01/14 15:31:49.034832, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:49.034895, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:49.034959, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:49.035024, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO >[2013/01/14 15:31:49.035120, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[21].fn == 0xb71a27f0 >[2013/01/14 15:31:49.035199, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > in: struct srvsvc_NetSrvGetInfo > server_unc : * > server_unc : '\\Hawking' > level : 0x00000065 (101) >[2013/01/14 15:31:49.037842, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1125(_srvsvc_NetSrvGetInfo) > _srvsvc_NetSrvGetInfo: 1125 >[2013/01/14 15:31:49.037921, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1203(_srvsvc_NetSrvGetInfo) > _srvsvc_NetSrvGetInfo: 1203 >[2013/01/14 15:31:49.037983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > out: struct srvsvc_NetSrvGetInfo > info : * > info : union srvsvc_NetSrvInfo(case 101) > info101 : * > info101: struct srvsvc_NetSrvInfo101 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'HAWKING' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > server_type : 0x00009b23 (39715) > 1: SV_TYPE_WORKSTATION > 1: SV_TYPE_SERVER > 0: SV_TYPE_SQLSERVER > 0: SV_TYPE_DOMAIN_CTRL > 0: SV_TYPE_DOMAIN_BAKCTRL > 1: SV_TYPE_TIME_SOURCE > 0: SV_TYPE_AFP > 0: SV_TYPE_NOVELL > 1: SV_TYPE_DOMAIN_MEMBER > 1: SV_TYPE_PRINTQ_SERVER > 0: SV_TYPE_DIALIN_SERVER > 1: SV_TYPE_SERVER_UNIX > 1: SV_TYPE_NT > 0: SV_TYPE_WFW > 0: SV_TYPE_SERVER_MFPN > 1: SV_TYPE_SERVER_NT > 0: SV_TYPE_POTENTIAL_BROWSER > 0: SV_TYPE_BACKUP_BROWSER > 0: SV_TYPE_MASTER_BROWSER > 0: SV_TYPE_DOMAIN_MASTER > 0: SV_TYPE_SERVER_OSF > 0: SV_TYPE_SERVER_VMS > 0: SV_TYPE_WIN95_PLUS > 0: SV_TYPE_DFS_SERVER > 0: SV_TYPE_ALTERNATE_XPORT > 0: SV_TYPE_LOCAL_LIST_ONLY > 0: SV_TYPE_DOMAIN_ENUM > comment : * > comment : 
'hawking - the universe is expanding' > result : WERR_OK >[2013/01/14 15:31:49.039466, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:49.039534, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 48 >[2013/01/14 15:31:49.039621, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:49.039685, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 148. >[2013/01/14 15:31:49.039764, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00ac (172) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000094 (148) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=148 > [0000] 65 00 00 00 04 00 02 00 F4 01 00 00 08 00 02 00 e....... ........ > [0010] 04 00 00 00 09 00 00 00 23 9B 00 00 0C 00 02 00 ........ #....... > [0020] 08 00 00 00 00 00 00 00 08 00 00 00 48 00 41 00 ........ ....H.A. > [0030] 57 00 4B 00 49 00 4E 00 47 00 00 00 24 00 00 00 W.K.I.N. G...$... > [0040] 00 00 00 00 24 00 00 00 68 00 61 00 77 00 6B 00 ....$... h.a.w.k. > [0050] 69 00 6E 00 67 00 20 00 2D 00 20 00 74 00 68 00 i.n.g. . -. .t.h. > [0060] 65 00 20 00 75 00 6E 00 69 00 76 00 65 00 72 00 e. .u.n. i.v.e.r. > [0070] 73 00 65 00 20 00 69 00 73 00 20 00 65 00 78 00 s.e. .i. s. .e.x. > [0080] 70 00 61 00 6E 00 64 00 69 00 6E 00 67 00 00 00 p.a.n.d. i.n.g... > [0090] 00 00 00 00 .... 
>[2013/01/14 15:31:49.041420, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 48 >[2013/01/14 15:31:49.041498, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 172 bytes. There is no more data outstanding >[2013/01/14 15:31:49.041565, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..172] (align 0) >[2013/01/14 15:31:49.041630, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.041665, 5] lib/util.c:342(show_msg) > size=228 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 172 (0xAC) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 172 (0xAC) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=173 >[2013/01/14 15:31:49.042286, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 AC 00 00 00 01 00 00 ........ ........ > [0010] 00 94 00 00 00 00 00 00 00 65 00 00 00 04 00 02 ........ .e...... > [0020] 00 F4 01 00 00 08 00 02 00 04 00 00 00 09 00 00 ........ ........ > [0030] 00 23 9B 00 00 0C 00 02 00 08 00 00 00 00 00 00 .#...... ........ > [0040] 00 08 00 00 00 48 00 41 00 57 00 4B 00 49 00 4E .....H.A .W.K.I.N > [0050] 00 47 00 00 00 24 00 00 00 00 00 00 00 24 00 00 .G...$.. .....$.. > [0060] 00 68 00 61 00 77 00 6B 00 69 00 6E 00 67 00 20 .h.a.w.k .i.n.g. > [0070] 00 2D 00 20 00 74 00 68 00 65 00 20 00 75 00 6E .-. .t.h .e. .u.n > [0080] 00 69 00 76 00 65 00 72 00 73 00 65 00 20 00 69 .i.v.e.r .s.e. .i > [0090] 00 73 00 20 00 65 00 78 00 70 00 61 00 6E 00 64 .s. .e.x .p.a.n.d > [00A0] 00 69 00 6E 00 67 00 00 00 00 00 00 00 .i.n.g.. ..... 
>[2013/01/14 15:31:49.043592, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:49.043722, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:49.043785, 3] smbd/process.c:1662(process_smb) > Transaction 15 of length 46 (0 toread) >[2013/01/14 15:31:49.043848, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.043884, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=896 > smt_wct=3 > smb_vwv[ 0]=11065 (0x2B39) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:49.044378, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:49.044420, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.044486, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.044552, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11065 (numopen=1) >[2013/01/14 15:31:49.044616, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:49.044696, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:49.044776, 5] smbd/files.c:482(file_free) > freed files structure 11065 (0 used) >[2013/01/14 15:31:49.044844, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.044879, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=896 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:49.045228, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:49.048121, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:49.048192, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x64 >[2013/01/14 15:31:49.048254, 3] smbd/process.c:1662(process_smb) > Transaction 16 of length 104 (0 toread) >[2013/01/14 15:31:49.048317, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.048351, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=960 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2013/01/14 15:31:49.049347, 10] ../lib/util/util.c:415(dump_data) > [0000] 3F 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 ?\.w.i.n .r.e.g.. > [0010] 00 . >[2013/01/14 15:31:49.049502, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.049566, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.049638, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = winreg >[2013/01/14 15:31:49.049711, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \winreg. 
>[2013/01/14 15:31:49.049782, 5] smbd/files.c:140(file_new) > allocated file structure 6970, fnum = 11066 (1 used) >[2013/01/14 15:31:49.049855, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/winreg hash 0x718d6f2 >[2013/01/14 15:31:49.049931, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2013/01/14 15:31:49.050010, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2013/01/14 15:31:49.050073, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2013/01/14 15:31:49.050156, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2013/01/14 15:31:49.050261, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \winreg >[2013/01/14 15:31:49.050744, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:49.050814, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:49.050876, 3] smbd/process.c:1662(process_smb) > Transaction 17 of length 160 (0 toread) >[2013/01/14 15:31:49.050939, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.050974, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11066 (0x2B3A) > smb_bcc=89 >[2013/01/14 15:31:49.051758, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 ?....... .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [0040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:49.052233, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.052297, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.052368, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:49.052435, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:49.052495, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:49.052557, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:49.052619, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b3a) >[2013/01/14 15:31:49.052683, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:49.052747, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:49.052812, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:49.052874, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:49.052938, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:49.053002, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:49.053063, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:49.053124, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:49.053190, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:49.053250, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:49.053312, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:49.053377, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:49.053454, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 338cd001-2244-31f1-aaaa-900038001003 > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:49.054545, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:49.054609, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2013/01/14 15:31:49.054671, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:49.054733, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \winreg >[2013/01/14 15:31:49.054797, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\winreg -> \PIPE\winreg >[2013/01/14 15:31:49.054882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\winreg' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:49.055883, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:49.055966, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:49.056059, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:49.056126, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:49.056201, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:49.056267, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:49.056349, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.056384, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:49.057004, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:49.058875, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 120 >[2013/01/14 15:31:49.058945, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2013/01/14 15:31:49.059008, 3] smbd/process.c:1662(process_smb) > Transaction 18 of length 124 (0 toread) >[2013/01/14 15:31:49.059070, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.059105, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11066 (0x2B3A) > smb_bcc=53 >[2013/01/14 15:31:49.059889, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [0020] 00 0C 00 00 00 00 00 02 00 70 FD EF 00 00 65 01 ........ .p....e. > [0030] 00 00 00 00 02 ..... 
>[2013/01/14 15:31:49.060207, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.060272, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.060341, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=36 params=0 setup=2 >[2013/01/14 15:31:49.060407, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:49.060467, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:49.060529, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:49.060590, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b3a) >[2013/01/14 15:31:49.060654, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:49.060718, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 36 >[2013/01/14 15:31:49.060781, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2013/01/14 15:31:49.060887, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 36 >[2013/01/14 15:31:49.060951, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:49.061015, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:49.061076, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 20 >[2013/01/14 15:31:49.061138, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 20 >[2013/01/14 15:31:49.061202, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:49.061263, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 20 >[2013/01/14 15:31:49.061324, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 20, incoming data = 20 >[2013/01/14 15:31:49.061389, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:49.061461, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > opnum : 0x0002 (2) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=12 > [0000] 70 FD EF 00 00 65 01 00 00 00 00 02 p....e.. .... >[2013/01/14 15:31:49.062283, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:49.062345, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:49.062409, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\winreg >[2013/01/14 15:31:49.062473, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \winreg op 0x2 - api_rpcTNP: rpc command: WINREG_OPENHKLM >[2013/01/14 15:31:49.062541, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[2].fn == 0xb715f0b0 >[2013/01/14 15:31:49.062614, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : * > system_name : 0x6500 (25856) > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2013/01/14 15:31:49.063074, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2013/01/14 15:31:49.063148, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2500, 2513) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:49.063246, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:49.063310, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:49.063373, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:49.063434, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:49.063673, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:49.063745, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. 
refcount reset (1) >[2013/01/14 15:31:49.063819, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2013/01/14 15:31:49.063880, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2013/01/14 15:31:49.063944, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:49.064005, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM] >[2013/01/14 15:31:49.064136, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2013/01/14 15:31:49.064237, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2013/01/14 15:31:49.064309, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 .p.. >[2013/01/14 15:31:49.064477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-f450-356b06700000 > result : WERR_OK >[2013/01/14 15:31:49.064759, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \winreg successfully >[2013/01/14 15:31:49.064827, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 20 >[2013/01/14 15:31:49.064913, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:49.064977, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \winreg: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2013/01/14 15:31:49.065057, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 00 00 00 00 .p...... >[2013/01/14 15:31:49.065902, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:49.066017, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2013/01/14 15:31:49.066085, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2013/01/14 15:31:49.066149, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.066184, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2013/01/14 15:31:49.066832, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 17 00 00 ........ ........ > [0020] 00 00 00 00 00 F4 50 35 6B 06 70 00 00 00 00 00 ......P5 k.p..... > [0030] 00 . 
>[2013/01/14 15:31:49.067647, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 228 >[2013/01/14 15:31:49.067720, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe4 >[2013/01/14 15:31:49.067782, 3] smbd/process.c:1662(process_smb) > Transaction 19 of length 232 (0 toread) >[2013/01/14 15:31:49.067845, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.067880, 5] lib/util.c:342(show_msg) > size=228 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1152 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 144 (0x90) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 144 (0x90) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11066 (0x2B3A) > smb_bcc=161 >[2013/01/14 15:31:49.068660, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ?....... ........ > [0020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 17 00 00 .x...... ........ > [0030] 00 00 00 00 00 F4 50 35 6B 06 70 00 00 46 00 46 ......P5 k.p..F.F > [0040] 00 84 1B A8 52 23 00 00 00 00 00 00 00 23 00 00 ....R#.. .....#.. > [0050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E > [0060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o > [0070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d > [0080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e > [0090] 00 6E 00 74 00 00 00 00 00 00 00 00 00 3F 00 0F .n.t.... .....?.. > [00A0] 00 . 
>[2013/01/14 15:31:49.069428, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.069493, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.069567, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=144 params=0 setup=2 >[2013/01/14 15:31:49.069634, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:49.069693, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:49.069756, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:49.069817, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b3a) >[2013/01/14 15:31:49.069882, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:49.069947, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 144 >[2013/01/14 15:31:49.070010, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2013/01/14 15:31:49.070107, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 144 >[2013/01/14 15:31:49.070170, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:49.070235, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:49.070296, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 128 >[2013/01/14 15:31:49.070357, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 128 >[2013/01/14 15:31:49.070422, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:49.070483, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 128 >[2013/01/14 15:31:49.070544, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 128, incoming data = 128 >[2013/01/14 15:31:49.070609, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:49.070684, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0090 (144) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000078 (120) > context_id : 0x0000 (0) > opnum : 0x000f (15) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=120 > [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 46 00 46 00 84 1B A8 52 23 00 00 00 .p..F.F. ...R#... > [0020] 00 00 00 00 23 00 00 00 53 00 4F 00 46 00 54 00 ....#... S.O.F.T. > [0030] 57 00 41 00 52 00 45 00 5C 00 4D 00 69 00 63 00 W.A.R.E. \.M.i.c. > [0040] 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 53 00 r.o.s.o. f.t.\.S. > [0050] 63 00 68 00 65 00 64 00 75 00 6C 00 69 00 6E 00 c.h.e.d. u.l.i.n. > [0060] 67 00 41 00 67 00 65 00 6E 00 74 00 00 00 00 00 g.A.g.e. n.t..... > [0070] 00 00 00 00 3F 00 0F 00 ....?... >[2013/01/14 15:31:49.072203, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:49.072265, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:49.072329, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\winreg >[2013/01/14 15:31:49.072394, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY >[2013/01/14 15:31:49.072461, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[15].fn == 0xb715cb30 >[2013/01/14 15:31:49.072541, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-f450-356b06700000 > keyname: struct winreg_String > name_len : 0x0046 (70) > name_size : 0x0046 (70) > name : * > name : 'SOFTWARE\Microsoft\SchedulingAgent' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x000f003f (983103) > 1: KEY_QUERY_VALUE > 1: KEY_SET_VALUE > 1: KEY_CREATE_SUB_KEY > 1: KEY_ENUMERATE_SUB_KEYS > 1: KEY_NOTIFY > 1: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2013/01/14 15:31:49.073436, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 .p.. 
>[2013/01/14 15:31:49.073606, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2013/01/14 15:31:49.073670, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2013/01/14 15:31:49.073739, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2013/01/14 15:31:49.073800, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2013/01/14 15:31:49.073864, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:49.073925, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM\SOFTWARE] >[2013/01/14 15:31:49.074048, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2013/01/14 15:31:49.074146, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2013/01/14 15:31:49.074209, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2013/01/14 15:31:49.074277, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:49.074339, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:49.074402, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:49.074462, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:49.074559, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:49.074658, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SchedulingAgent] >[2013/01/14 15:31:49.074724, 10] registry/reg_backend_db.c:583(regdb_open) > 
regdb_open: incrementing refcount (3->4) >[2013/01/14 15:31:49.074794, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2013/01/14 15:31:49.074855, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2013/01/14 15:31:49.074919, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:49.074980, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2013/01/14 15:31:49.075063, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] not found >[2013/01/14 15:31:49.075127, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2013/01/14 15:31:49.075222, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2013/01/14 15:31:49.075286, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2013/01/14 15:31:49.075349, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_BADFILE >[2013/01/14 15:31:49.075629, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \winreg successfully >[2013/01/14 15:31:49.075696, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 128 >[2013/01/14 15:31:49.075779, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:49.075844, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \winreg: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2013/01/14 15:31:49.075921, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 02 00 00 00 ........ >[2013/01/14 15:31:49.076790, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:49.076865, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2013/01/14 15:31:49.076931, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2013/01/14 15:31:49.076995, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.077030, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1152 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2013/01/14 15:31:49.077651, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [0030] 00 . 
>[2013/01/14 15:31:49.079461, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2013/01/14 15:31:49.079533, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2013/01/14 15:31:49.079631, 3] smbd/process.c:1662(process_smb) > Transaction 20 of length 132 (0 toread) >[2013/01/14 15:31:49.079694, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.079729, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1216 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11066 (0x2B3A) > smb_bcc=61 >[2013/01/14 15:31:49.080510, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 05 00 00 00 00 00 17 00 00 ........ ........ > [0030] 00 00 00 00 00 F4 50 35 6B 06 70 00 00 ......P5 k.p.. 
>[2013/01/14 15:31:49.080818, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.080883, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.080956, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2013/01/14 15:31:49.081022, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:49.081082, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:49.081144, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:49.081206, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b3a) >[2013/01/14 15:31:49.081270, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:49.081335, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2013/01/14 15:31:49.081398, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2013/01/14 15:31:49.081460, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2013/01/14 15:31:49.081523, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:49.081588, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:49.081649, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2013/01/14 15:31:49.081711, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2013/01/14 15:31:49.081775, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:49.081836, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 28 >[2013/01/14 15:31:49.081897, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2013/01/14 15:31:49.081962, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:49.082036, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0005 (5) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 .p.. >[2013/01/14 15:31:49.082974, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:49.083037, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:49.083100, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\winreg >[2013/01/14 15:31:49.083165, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2013/01/14 15:31:49.083232, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[5].fn == 0xb715e7e0 >[2013/01/14 15:31:49.083303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-f450-356b06700000 >[2013/01/14 15:31:49.083543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 .p.. >[2013/01/14 15:31:49.083709, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 F4 50 35 6B ........ .....P5k > [0010] 06 70 00 00 .p.. 
>[2013/01/14 15:31:49.083873, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2013/01/14 15:31:49.083937, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2013/01/14 15:31:49.084022, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2013/01/14 15:31:49.084292, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \winreg successfully >[2013/01/14 15:31:49.084357, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2013/01/14 15:31:49.084439, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:49.084503, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \winreg: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2013/01/14 15:31:49.084579, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2013/01/14 15:31:49.085461, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:49.085538, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. 
There is no more data outstanding >[2013/01/14 15:31:49.085604, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2013/01/14 15:31:49.085668, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.085703, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1216 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2013/01/14 15:31:49.086344, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . 
>[2013/01/14 15:31:49.087069, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:49.087141, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:49.087203, 3] smbd/process.c:1662(process_smb) > Transaction 21 of length 46 (0 toread) >[2013/01/14 15:31:49.087266, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.087300, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=1280 > smt_wct=3 > smb_vwv[ 0]=11066 (0x2B3A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:49.087732, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:49.087770, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:49.087834, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:49.087899, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11066 (numopen=1) >[2013/01/14 15:31:49.087963, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:49.088040, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2013/01/14 15:31:49.088114, 5] smbd/files.c:482(file_free) > freed files structure 11066 (0 used) >[2013/01/14 15:31:49.088179, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:49.088214, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=1280 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:49.088563, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.334552, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:51.334679, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x64 >[2013/01/14 15:31:51.334743, 3] smbd/process.c:1662(process_smb) > Transaction 22 of length 104 (0 toread) >[2013/01/14 15:31:51.334805, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.334840, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1344 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:51.335906, 10] ../lib/util/util.c:415(dump_data) > [0000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. > [0010] 00 . >[2013/01/14 15:31:51.336072, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.336139, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.336216, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:51.336303, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:51.336375, 5] smbd/files.c:140(file_new) > allocated file structure 6971, fnum = 11067 (1 used) >[2013/01/14 15:31:51.336448, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:51.336527, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:51.336603, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:51.336666, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:51.336751, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:51.336819, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:51.338395, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:51.338466, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:51.338529, 3] smbd/process.c:1662(process_smb) > Transaction 23 of length 160 (0 toread) >[2013/01/14 15:31:51.338591, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.338626, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11067 (0x2B3B) > smb_bcc=89 >[2013/01/14 15:31:51.339410, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 0B 00 10 00 00 00 48 00 00 00 32 00 00 ?....... .H...2.. > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:51.339921, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.339987, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.340058, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:51.340125, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:51.340184, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:51.340246, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:51.340308, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3b) >[2013/01/14 15:31:51.340372, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:51.340436, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:51.340501, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.340563, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:51.340627, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:51.340691, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:51.340752, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:51.340814, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:51.340879, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:51.340940, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:51.341001, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:51.341066, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:51.341144, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000032 (50) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:51.342206, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:51.342299, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:51.342363, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:51.342425, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:51.342489, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:51.342577, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000032 (50) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:51.343580, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:51.343664, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:51.343728, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:51.343795, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:51.343871, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:51.343937, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:51.344002, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.344037, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:51.344658, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 32 00 00 ........ .D...2.. > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:51.345457, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2013/01/14 15:31:51.345564, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2013/01/14 15:31:51.345626, 3] smbd/process.c:1662(process_smb) > Transaction 24 of length 176 (0 toread) >[2013/01/14 15:31:51.345689, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.345723, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1472 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11067 (0x2B3B) > smb_bcc=105 >[2013/01/14 15:31:51.346523, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 10 00 B0 E9 98 01 0A 00 00 .@...... ........ > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 06 00 00 .w.k.i.n .g...... > [0050] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0060] 00 66 00 00 00 01 00 00 00 .f...... . 
>[2013/01/14 15:31:51.347070, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.347134, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.347206, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2013/01/14 15:31:51.347272, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:51.347331, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:51.347393, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:51.347454, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3b) >[2013/01/14 15:31:51.347518, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21110 max_trans_reply: 1024 >[2013/01/14 15:31:51.347582, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2013/01/14 15:31:51.347644, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2013/01/14 15:31:51.347706, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2013/01/14 15:31:51.347769, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:51.347834, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:51.347895, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.347956, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:51.348021, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:51.348081, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.348142, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2013/01/14 15:31:51.348207, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:51.348278, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0010 (16) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] B0 E9 98 01 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 06 00 00 00 00 00 00 00 06 00 00 00 g....... ........ > [0030] 73 00 74 00 75 00 66 00 66 00 00 00 01 00 00 00 s.t.u.f. f....... >[2013/01/14 15:31:51.349435, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:51.349498, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:51.349562, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:51.349626, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >[2013/01/14 15:31:51.349694, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[16].fn == 0xb71a3660 >[2013/01/14 15:31:51.349766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\Hawking' > share_name : 'stuff' > level : 0x00000001 (1) >[2013/01/14 15:31:51.349991, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1440(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1440 >[2013/01/14 15:31:51.350090, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1510(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1510 >[2013/01/14 15:31:51.350152, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'stuff' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Assorted files' > result : WERR_OK >[2013/01/14 15:31:51.350595, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:51.350661, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2013/01/14 15:31:51.350746, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:51.350810, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 92. 
>[2013/01/14 15:31:51.350889, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0074 (116) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000005c (92) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=92 > [0000] 01 00 00 00 04 00 02 00 08 00 02 00 00 00 00 00 ........ ........ > [0010] 0C 00 02 00 06 00 00 00 00 00 00 00 06 00 00 00 ........ ........ > [0020] 73 00 74 00 75 00 66 00 66 00 00 00 0F 00 00 00 s.t.u.f. f....... > [0030] 00 00 00 00 0F 00 00 00 41 00 73 00 73 00 6F 00 ........ A.s.s.o. > [0040] 72 00 74 00 65 00 64 00 20 00 66 00 69 00 6C 00 r.t.e.d. .f.i.l. > [0050] 65 00 73 00 00 00 00 00 00 00 00 00 e.s..... .... >[2013/01/14 15:31:51.352161, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 66 >[2013/01/14 15:31:51.352240, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 116 bytes. 
There is no more data outstanding >[2013/01/14 15:31:51.352306, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2013/01/14 15:31:51.352370, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.352406, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1472 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2013/01/14 15:31:51.353027, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [0010] 00 5C 00 00 00 00 00 00 00 01 00 00 00 04 00 02 .\...... ........ > [0020] 00 08 00 02 00 00 00 00 00 0C 00 02 00 06 00 00 ........ ........ > [0030] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0040] 00 66 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 .f...... ........ > [0050] 00 41 00 73 00 73 00 6F 00 72 00 74 00 65 00 64 .A.s.s.o .r.t.e.d > [0060] 00 20 00 66 00 69 00 6C 00 65 00 73 00 00 00 00 . .f.i.l .e.s.... > [0070] 00 00 00 00 00 ..... 
>[2013/01/14 15:31:51.355120, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:51.355190, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:51.355253, 3] smbd/process.c:1662(process_smb) > Transaction 25 of length 46 (0 toread) >[2013/01/14 15:31:51.355315, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.355350, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=1536 > smt_wct=3 > smb_vwv[ 0]=11067 (0x2B3B) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:51.355781, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.355818, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.355883, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.355946, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11067 (numopen=1) >[2013/01/14 15:31:51.356010, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:51.356117, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:51.356189, 5] smbd/files.c:482(file_free) > freed files structure 11067 (0 used) >[2013/01/14 15:31:51.356254, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.356306, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=1536 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.356655, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.357231, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2013/01/14 15:31:51.357300, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x52 >[2013/01/14 15:31:51.357362, 3] smbd/process.c:1662(process_smb) > Transaction 26 of length 86 (0 toread) >[2013/01/14 15:31:51.357424, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.357458, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=1600 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2013/01/14 15:31:51.357916, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 48 00 41 00 57 00 4B 00 49 00 4E .\.\.H.A .W.K.I.N > [0010] 00 47 00 5C 00 53 00 54 00 55 00 46 00 46 00 00 .G.\.S.T .U.F.F.. > [0020] 00 3F 3F 3F 3F 3F 00 .?????. >[2013/01/14 15:31:51.358156, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 28678) conn 0x0 >[2013/01/14 15:31:51.358220, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:51.358283, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:51.358344, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:51.358455, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:51.358541, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] 
for share [STUFF] >[2013/01/14 15:31:51.358628, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service stuff >[2013/01/14 15:31:51.358703, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.7.2 (192.168.7.2) >[2013/01/14 15:31:51.358782, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID +WARGAMES\Domain Admins is not in a valid format >[2013/01/14 15:31:51.358850, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\Domain Admins => domain=[WARGAMES], name=[Domain Admins] >[2013/01/14 15:31:51.358914, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2013/01/14 15:31:51.370315, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID WARGAMES\smythe is not in a valid format >[2013/01/14 15:31:51.370397, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\smythe => domain=[WARGAMES], name=[smythe] >[2013/01/14 15:31:51.370460, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2013/01/14 15:31:51.380292, 10] smbd/share_access.c:219(user_ok_token) > User WARGAMES\administrator not in 'valid users' >[2013/01/14 15:31:51.380383, 2] smbd/service.c:627(create_connection_session_info) > user 'WARGAMES\administrator' (from session setup) not permitted to access this share (stuff) >[2013/01/14 15:31:51.380463, 1] smbd/service.c:805(make_connection_snum) > create_connection_session_info failed: NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.380540, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.380608, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.380684, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x75 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=49155 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=1600 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.381036, 10] ../lib/util/util.c:415(dump_data) 
>[2013/01/14 15:31:51.383391, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2013/01/14 15:31:51.383508, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x52 >[2013/01/14 15:31:51.383571, 3] smbd/process.c:1662(process_smb) > Transaction 27 of length 86 (0 toread) >[2013/01/14 15:31:51.383634, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.383670, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=1664 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2013/01/14 15:31:51.384131, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 48 00 41 00 57 00 4B 00 49 00 4E .\.\.H.A .W.K.I.N > [0010] 00 47 00 5C 00 53 00 54 00 55 00 46 00 46 00 00 .G.\.S.T .U.F.F.. > [0020] 00 3F 3F 3F 3F 3F 00 .?????. >[2013/01/14 15:31:51.384381, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 28678) conn 0x0 >[2013/01/14 15:31:51.384447, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:51.384511, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:51.384573, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:51.384681, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:51.384771, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] 
for share [STUFF] >[2013/01/14 15:31:51.384868, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service stuff >[2013/01/14 15:31:51.384946, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.7.2 (192.168.7.2) >[2013/01/14 15:31:51.385029, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID +WARGAMES\Domain Admins is not in a valid format >[2013/01/14 15:31:51.385098, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\Domain Admins => domain=[WARGAMES], name=[Domain Admins] >[2013/01/14 15:31:51.385161, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2013/01/14 15:31:51.386347, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID WARGAMES\smythe is not in a valid format >[2013/01/14 15:31:51.386420, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\smythe => domain=[WARGAMES], name=[smythe] >[2013/01/14 15:31:51.386483, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2013/01/14 15:31:51.387523, 10] smbd/share_access.c:219(user_ok_token) > User WARGAMES\administrator not in 'valid users' >[2013/01/14 15:31:51.387589, 2] smbd/service.c:627(create_connection_session_info) > user 'WARGAMES\administrator' (from session setup) not permitted to access this share (stuff) >[2013/01/14 15:31:51.387658, 1] smbd/service.c:805(make_connection_snum) > create_connection_session_info failed: NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.387732, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.387798, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.387833, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x75 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=49155 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=1664 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.388184, 10] ../lib/util/util.c:415(dump_data) 
>[2013/01/14 15:31:51.388863, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:51.389013, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x64 >[2013/01/14 15:31:51.389077, 3] smbd/process.c:1662(process_smb) > Transaction 28 of length 104 (0 toread) >[2013/01/14 15:31:51.389139, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.389174, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1728 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:51.390185, 10] ../lib/util/util.c:415(dump_data) > [0000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. > [0010] 00 . 
>[2013/01/14 15:31:51.390348, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.390420, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:51.390487, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-546846319-217595157-9522986-500 > SID[ 1]: S-1-5-21-546846319-217595157-9522986-513 > SID[ 2]: S-1-22-2-2513 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-2500 > SID[ 7]: S-1-22-2-300002 > SID[ 8]: S-1-22-2-300003 > SID[ 9]: S-1-22-2-300004 > Privileges (0x 0): > Rights (0x 0): >[2013/01/14 15:31:51.390914, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2500 > Primary group is 2513 and contains 4 supplementary groups > Group[ 0]: 2513 > Group[ 1]: 300002 > Group[ 2]: 300003 > Group[ 3]: 300004 >[2013/01/14 15:31:51.391133, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,2500), gid=(0,2513) >[2013/01/14 15:31:51.391210, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:51.391282, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:51.391350, 5] smbd/files.c:140(file_new) > allocated file structure 6972, fnum = 11068 (1 used) >[2013/01/14 15:31:51.391423, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:51.391500, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:51.391576, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:51.391639, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:51.391720, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:51.391787, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:51.393304, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:51.393400, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:51.393464, 3] smbd/process.c:1662(process_smb) > Transaction 29 of length 160 (0 toread) >[2013/01/14 15:31:51.393569, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.393604, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1792 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11068 (0x2B3C) > smb_bcc=89 >[2013/01/14 15:31:51.394392, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 0B 00 10 00 00 00 48 00 00 00 00 00 00 ?....... .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:51.394871, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.394938, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.395017, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:51.395084, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:51.395144, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:51.395206, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:51.395268, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3c) >[2013/01/14 15:31:51.395333, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:51.395398, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:51.395463, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.395525, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:51.395589, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:51.395654, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:51.395715, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:51.395776, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:51.395842, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:51.395903, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:51.395964, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:51.396029, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:51.396108, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000000 (0) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:51.397211, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:51.397276, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:51.397339, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:51.397400, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:51.397467, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:51.397555, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000000 (0) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:51.398559, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:51.398645, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:51.398709, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:51.398776, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:51.398851, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:51.398946, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:51.399011, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.399046, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1792 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:51.399667, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 00 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:51.400480, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2013/01/14 15:31:51.400551, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2013/01/14 15:31:51.400613, 3] smbd/process.c:1662(process_smb) > Transaction 30 of length 176 (0 toread) >[2013/01/14 15:31:51.400676, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.400711, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11068 (0x2B3C) > smb_bcc=105 >[2013/01/14 15:31:51.401495, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 10 00 0C D6 98 01 0A 00 00 .@...... ........ > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 06 00 00 .w.k.i.n .g...... > [0050] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0060] 00 66 00 00 00 01 00 00 00 .f...... . 
>[2013/01/14 15:31:51.402046, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.402111, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.402181, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2013/01/14 15:31:51.402247, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:51.402306, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:51.402368, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:51.402429, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3c) >[2013/01/14 15:31:51.402493, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:51.402557, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2013/01/14 15:31:51.402619, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2013/01/14 15:31:51.402681, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2013/01/14 15:31:51.402744, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:51.402841, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:51.402902, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.402963, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:51.403028, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:51.403089, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.403150, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2013/01/14 15:31:51.403214, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:51.403285, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0010 (16) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] 0C D6 98 01 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 06 00 00 00 00 00 00 00 06 00 00 00 g....... ........ > [0030] 73 00 74 00 75 00 66 00 66 00 00 00 01 00 00 00 s.t.u.f. f....... >[2013/01/14 15:31:51.404408, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:51.404470, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:51.404534, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:51.404599, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >[2013/01/14 15:31:51.404668, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[16].fn == 0xb71a3660 >[2013/01/14 15:31:51.404739, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\Hawking' > share_name : 'stuff' > level : 0x00000001 (1) >[2013/01/14 15:31:51.404964, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1440(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1440 >[2013/01/14 15:31:51.405061, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1510(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1510 >[2013/01/14 15:31:51.405124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'stuff' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Assorted files' > result : WERR_OK >[2013/01/14 15:31:51.405601, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:51.405669, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2013/01/14 15:31:51.405751, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:51.405815, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 92. 
>[2013/01/14 15:31:51.405893, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0074 (116) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000005c (92) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=92 > [0000] 01 00 00 00 04 00 02 00 08 00 02 00 00 00 00 00 ........ ........ > [0010] 0C 00 02 00 06 00 00 00 00 00 00 00 06 00 00 00 ........ ........ > [0020] 73 00 74 00 75 00 66 00 66 00 00 00 0F 00 00 00 s.t.u.f. f....... > [0030] 00 00 00 00 0F 00 00 00 41 00 73 00 73 00 6F 00 ........ A.s.s.o. > [0040] 72 00 74 00 65 00 64 00 20 00 66 00 69 00 6C 00 r.t.e.d. .f.i.l. > [0050] 65 00 73 00 00 00 00 00 00 00 00 00 e.s..... .... >[2013/01/14 15:31:51.407162, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 66 >[2013/01/14 15:31:51.407240, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 116 bytes. 
There is no more data outstanding >[2013/01/14 15:31:51.407306, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2013/01/14 15:31:51.407370, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.407405, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2013/01/14 15:31:51.408025, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [0010] 00 5C 00 00 00 00 00 00 00 01 00 00 00 04 00 02 .\...... ........ > [0020] 00 08 00 02 00 00 00 00 00 0C 00 02 00 06 00 00 ........ ........ > [0030] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0040] 00 66 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 .f...... ........ > [0050] 00 41 00 73 00 73 00 6F 00 72 00 74 00 65 00 64 .A.s.s.o .r.t.e.d > [0060] 00 20 00 66 00 69 00 6C 00 65 00 73 00 00 00 00 . .f.i.l .e.s.... > [0070] 00 00 00 00 00 ..... 
>[2013/01/14 15:31:51.410160, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:51.410251, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:51.410314, 3] smbd/process.c:1662(process_smb) > Transaction 31 of length 46 (0 toread) >[2013/01/14 15:31:51.410377, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.410412, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=1920 > smt_wct=3 > smb_vwv[ 0]=11068 (0x2B3C) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:51.410843, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.410881, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.410945, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.411009, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11068 (numopen=1) >[2013/01/14 15:31:51.411073, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:51.411152, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:51.411225, 5] smbd/files.c:482(file_free) > freed files structure 11068 (0 used) >[2013/01/14 15:31:51.411291, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.411326, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=1920 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.411675, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.413065, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:51.413133, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x64 >[2013/01/14 15:31:51.413196, 3] smbd/process.c:1662(process_smb) > Transaction 32 of length 104 (0 toread) >[2013/01/14 15:31:51.413258, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.413293, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=1984 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:51.414293, 10] ../lib/util/util.c:415(dump_data) > [0000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. > [0010] 00 . >[2013/01/14 15:31:51.414452, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.414516, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.414582, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:51.414652, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:51.414719, 5] smbd/files.c:140(file_new) > allocated file structure 6973, fnum = 11069 (1 used) >[2013/01/14 15:31:51.414788, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:51.414909, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:51.414980, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:51.415042, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:51.415120, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:51.415186, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:51.416689, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:51.416759, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:51.416822, 3] smbd/process.c:1662(process_smb) > Transaction 33 of length 160 (0 toread) >[2013/01/14 15:31:51.416885, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.416920, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2048 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11069 (0x2B3D) > smb_bcc=89 >[2013/01/14 15:31:51.417706, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 0B 00 10 00 00 00 48 00 00 00 69 00 6E ?....... .H...i.n > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:51.418179, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.418243, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.418314, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:51.418380, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:51.418440, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:51.418502, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:51.418564, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3d) >[2013/01/14 15:31:51.418627, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:51.418692, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:51.418757, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.418819, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:51.418883, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:51.418948, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:51.419009, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:51.419070, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:51.419172, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:51.419234, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:51.419295, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:51.419360, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:51.419440, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x006e0069 (7209065) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:51.420505, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:51.420570, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:51.420633, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:51.420695, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:51.420760, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:51.420848, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x006e0069 (7209065) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:51.421882, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:51.421968, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:51.422033, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:51.422100, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:51.422176, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:51.422242, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:51.422306, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.422341, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2048 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:51.422961, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 69 00 6E ........ .D...i.n > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:51.423754, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2013/01/14 15:31:51.423825, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2013/01/14 15:31:51.423888, 3] smbd/process.c:1662(process_smb) > Transaction 34 of length 176 (0 toread) >[2013/01/14 15:31:51.423950, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.423985, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2112 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11069 (0x2B3D) > smb_bcc=105 >[2013/01/14 15:31:51.424770, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 10 00 90 F0 98 01 0A 00 00 .@...... ........ > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 06 00 00 .w.k.i.n .g...... > [0050] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0060] 00 66 00 00 00 01 00 00 00 .f...... . 
>[2013/01/14 15:31:51.425317, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.425382, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.425483, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2013/01/14 15:31:51.425549, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:51.425609, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:51.425670, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:51.425732, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3d) >[2013/01/14 15:31:51.425797, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:51.425860, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2013/01/14 15:31:51.425922, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2013/01/14 15:31:51.425984, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2013/01/14 15:31:51.426048, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:51.426113, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:51.426174, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.426235, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:51.426317, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:51.426378, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 72 >[2013/01/14 15:31:51.426439, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2013/01/14 15:31:51.426504, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:51.426576, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0010 (16) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] 90 F0 98 01 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 06 00 00 00 00 00 00 00 06 00 00 00 g....... ........ > [0030] 73 00 74 00 75 00 66 00 66 00 00 00 01 00 00 00 s.t.u.f. f....... >[2013/01/14 15:31:51.427702, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:51.427764, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:51.427829, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:51.427893, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO >[2013/01/14 15:31:51.427961, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[16].fn == 0xb71a3660 >[2013/01/14 15:31:51.428056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > in: struct srvsvc_NetShareGetInfo > server_unc : * > server_unc : '\\Hawking' > share_name : 'stuff' > level : 0x00000001 (1) >[2013/01/14 15:31:51.428282, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1440(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1440 >[2013/01/14 15:31:51.428379, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1510(_srvsvc_NetShareGetInfo) > _srvsvc_NetShareGetInfo: 1510 >[2013/01/14 15:31:51.428442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo > out: struct srvsvc_NetShareGetInfo > info : * > info : union srvsvc_NetShareInfo(case 1) > info1 : * > info1: struct srvsvc_NetShareInfo1 > name : * > name : 'stuff' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Assorted files' > result : WERR_OK >[2013/01/14 15:31:51.428887, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:51.428954, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2013/01/14 15:31:51.429037, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:51.429102, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 92. 
>[2013/01/14 15:31:51.429180, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0074 (116) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000005c (92) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=92 > [0000] 01 00 00 00 04 00 02 00 08 00 02 00 00 00 00 00 ........ ........ > [0010] 0C 00 02 00 06 00 00 00 00 00 00 00 06 00 00 00 ........ ........ > [0020] 73 00 74 00 75 00 66 00 66 00 00 00 0F 00 00 00 s.t.u.f. f....... > [0030] 00 00 00 00 0F 00 00 00 41 00 73 00 73 00 6F 00 ........ A.s.s.o. > [0040] 72 00 74 00 65 00 64 00 20 00 66 00 69 00 6C 00 r.t.e.d. .f.i.l. > [0050] 65 00 73 00 00 00 00 00 00 00 00 00 e.s..... .... >[2013/01/14 15:31:51.430427, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 66 >[2013/01/14 15:31:51.430505, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 116 bytes. 
There is no more data outstanding >[2013/01/14 15:31:51.430572, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2013/01/14 15:31:51.430636, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.430671, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2112 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2013/01/14 15:31:51.431321, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [0010] 00 5C 00 00 00 00 00 00 00 01 00 00 00 04 00 02 .\...... ........ > [0020] 00 08 00 02 00 00 00 00 00 0C 00 02 00 06 00 00 ........ ........ > [0030] 00 00 00 00 00 06 00 00 00 73 00 74 00 75 00 66 ........ .s.t.u.f > [0040] 00 66 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 .f...... ........ > [0050] 00 41 00 73 00 73 00 6F 00 72 00 74 00 65 00 64 .A.s.s.o .r.t.e.d > [0060] 00 20 00 66 00 69 00 6C 00 65 00 73 00 00 00 00 . .f.i.l .e.s.... > [0070] 00 00 00 00 00 ..... 
>[2013/01/14 15:31:51.433407, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:51.433479, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:51.433541, 3] smbd/process.c:1662(process_smb) > Transaction 35 of length 46 (0 toread) >[2013/01/14 15:31:51.433604, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.433639, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2176 > smt_wct=3 > smb_vwv[ 0]=11069 (0x2B3D) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:51.434071, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.434108, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:51.434172, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:51.434236, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11069 (numopen=1) >[2013/01/14 15:31:51.434299, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:51.434375, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:51.434447, 5] smbd/files.c:482(file_free) > freed files structure 11069 (0 used) >[2013/01/14 15:31:51.434512, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.434547, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2176 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.434896, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:51.435458, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2013/01/14 15:31:51.435528, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x52 >[2013/01/14 15:31:51.435591, 3] smbd/process.c:1662(process_smb) > Transaction 36 of length 86 (0 toread) >[2013/01/14 15:31:51.435653, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.435688, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=2240 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2013/01/14 15:31:51.436146, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 48 00 41 00 57 00 4B 00 49 00 4E .\.\.H.A .W.K.I.N > [0010] 00 47 00 5C 00 53 00 54 00 55 00 46 00 46 00 00 .G.\.S.T .U.F.F.. > [0020] 00 3F 3F 3F 3F 3F 00 .?????. >[2013/01/14 15:31:51.436401, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 28678) conn 0x0 >[2013/01/14 15:31:51.436500, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:51.436564, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:51.436625, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:51.436732, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:51.436816, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] 
for share [STUFF] >[2013/01/14 15:31:51.436903, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service stuff >[2013/01/14 15:31:51.436978, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.7.2 (192.168.7.2) >[2013/01/14 15:31:51.437056, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID +WARGAMES\Domain Admins is not in a valid format >[2013/01/14 15:31:51.437123, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\Domain Admins => domain=[WARGAMES], name=[Domain Admins] >[2013/01/14 15:31:51.437186, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2013/01/14 15:31:51.438427, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID WARGAMES\smythe is not in a valid format >[2013/01/14 15:31:51.438500, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\smythe => domain=[WARGAMES], name=[smythe] >[2013/01/14 15:31:51.438563, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2013/01/14 15:31:51.439599, 10] smbd/share_access.c:219(user_ok_token) > User WARGAMES\administrator not in 'valid users' >[2013/01/14 15:31:51.439665, 2] smbd/service.c:627(create_connection_session_info) > user 'WARGAMES\administrator' (from session setup) not permitted to access this share (stuff) >[2013/01/14 15:31:51.439733, 1] smbd/service.c:805(make_connection_snum) > create_connection_session_info failed: NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.439806, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.439872, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.439907, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x75 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=49155 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=2240 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.440258, 10] ../lib/util/util.c:415(dump_data) 
>[2013/01/14 15:31:51.443333, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2013/01/14 15:31:51.443407, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x52 >[2013/01/14 15:31:51.443470, 3] smbd/process.c:1662(process_smb) > Transaction 37 of length 86 (0 toread) >[2013/01/14 15:31:51.443532, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.443567, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=2304 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2013/01/14 15:31:51.444028, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 48 00 41 00 57 00 4B 00 49 00 4E .\.\.H.A .W.K.I.N > [0010] 00 47 00 5C 00 53 00 54 00 55 00 46 00 46 00 00 .G.\.S.T .U.F.F.. > [0020] 00 3F 3F 3F 3F 3F 00 .?????. >[2013/01/14 15:31:51.444273, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 28678) conn 0x0 >[2013/01/14 15:31:51.444337, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:51.444400, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:51.444461, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:51.444605, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:51.444686, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] 
for share [STUFF] >[2013/01/14 15:31:51.444772, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service stuff >[2013/01/14 15:31:51.444845, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.7.2 (192.168.7.2) >[2013/01/14 15:31:51.444919, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID +WARGAMES\Domain Admins is not in a valid format >[2013/01/14 15:31:51.444986, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\Domain Admins => domain=[WARGAMES], name=[Domain Admins] >[2013/01/14 15:31:51.445049, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2013/01/14 15:31:51.446154, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID WARGAMES\smythe is not in a valid format >[2013/01/14 15:31:51.446223, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\smythe => domain=[WARGAMES], name=[smythe] >[2013/01/14 15:31:51.446307, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2013/01/14 15:31:51.447396, 10] smbd/share_access.c:219(user_ok_token) > User WARGAMES\administrator not in 'valid users' >[2013/01/14 15:31:51.447462, 2] smbd/service.c:627(create_connection_session_info) > user 'WARGAMES\administrator' (from session setup) not permitted to access this share (stuff) >[2013/01/14 15:31:51.447531, 1] smbd/service.c:805(make_connection_snum) > create_connection_session_info failed: NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.447602, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.447667, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.447703, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x75 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=49155 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=2304 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.448054, 10] ../lib/util/util.c:415(dump_data) 
>[2013/01/14 15:31:51.449797, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2013/01/14 15:31:51.449869, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x52 >[2013/01/14 15:31:51.449932, 3] smbd/process.c:1662(process_smb) > Transaction 38 of length 86 (0 toread) >[2013/01/14 15:31:51.449995, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.450029, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=2368 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2013/01/14 15:31:51.450490, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 48 00 41 00 57 00 4B 00 49 00 4E .\.\.H.A .W.K.I.N > [0010] 00 47 00 5C 00 53 00 54 00 55 00 46 00 46 00 00 .G.\.S.T .U.F.F.. > [0020] 00 3F 3F 3F 3F 3F 00 .?????. >[2013/01/14 15:31:51.450735, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 28678) conn 0x0 >[2013/01/14 15:31:51.450799, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:51.450861, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:51.450922, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:51.451022, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:51.451100, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] 
for share [STUFF] >[2013/01/14 15:31:51.451186, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service stuff >[2013/01/14 15:31:51.451308, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.7.2 (192.168.7.2) >[2013/01/14 15:31:51.451384, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID +WARGAMES\Domain Admins is not in a valid format >[2013/01/14 15:31:51.451452, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\Domain Admins => domain=[WARGAMES], name=[Domain Admins] >[2013/01/14 15:31:51.451515, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2013/01/14 15:31:51.452620, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID WARGAMES\smythe is not in a valid format >[2013/01/14 15:31:51.452689, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: WARGAMES\smythe => domain=[WARGAMES], name=[smythe] >[2013/01/14 15:31:51.452754, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2013/01/14 15:31:51.453828, 10] smbd/share_access.c:219(user_ok_token) > User WARGAMES\administrator not in 'valid users' >[2013/01/14 15:31:51.453896, 2] smbd/service.c:627(create_connection_session_info) > user 'WARGAMES\administrator' (from session setup) not permitted to access this share (stuff) >[2013/01/14 15:31:51.453965, 1] smbd/service.c:805(make_connection_snum) > create_connection_session_info failed: NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.454034, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED >[2013/01/14 15:31:51.454100, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:51.454135, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x75 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=49155 > smb_tid=0 > smb_pid=51966 > smb_uid=101 > smb_mid=2368 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:51.454487, 10] ../lib/util/util.c:415(dump_data) 
>[2013/01/14 15:31:53.902260, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:53.902391, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x64 >[2013/01/14 15:31:53.902455, 3] smbd/process.c:1662(process_smb) > Transaction 39 of length 104 (0 toread) >[2013/01/14 15:31:53.902518, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.902553, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2432 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:53.903558, 10] ../lib/util/util.c:415(dump_data) > [0000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. > [0010] 00 . 
>[2013/01/14 15:31:53.903724, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.903800, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.903868, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-546846319-217595157-9522986-500 > SID[ 1]: S-1-5-21-546846319-217595157-9522986-513 > SID[ 2]: S-1-22-2-2513 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-2500 > SID[ 7]: S-1-22-2-300002 > SID[ 8]: S-1-22-2-300003 > SID[ 9]: S-1-22-2-300004 > Privileges (0x 0): > Rights (0x 0): >[2013/01/14 15:31:53.904299, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2500 > Primary group is 2513 and contains 4 supplementary groups > Group[ 0]: 2513 > Group[ 1]: 300002 > Group[ 2]: 300003 > Group[ 3]: 300004 >[2013/01/14 15:31:53.904607, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,2500), gid=(0,2513) >[2013/01/14 15:31:53.904698, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:53.904770, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:53.904840, 5] smbd/files.c:140(file_new) > allocated file structure 6974, fnum = 11070 (1 used) >[2013/01/14 15:31:53.904914, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:53.904991, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:53.905067, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:53.905130, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:53.905212, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:53.905281, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:53.906839, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:53.906910, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:53.906973, 3] smbd/process.c:1662(process_smb) > Transaction 40 of length 160 (0 toread) >[2013/01/14 15:31:53.907035, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.907070, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2496 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11070 (0x2B3E) > smb_bcc=89 >[2013/01/14 15:31:53.907856, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 ?....... .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:53.908331, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.908396, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.908465, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:53.908531, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.908591, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.908653, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.908715, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3e) >[2013/01/14 15:31:53.908778, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.908843, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:53.908952, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:53.909015, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:53.909079, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.909144, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.909205, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:53.909266, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:53.909332, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.909392, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:53.909453, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:53.909518, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.909596, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:53.910652, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:53.910716, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:53.910779, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:53.910841, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:53.910905, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:53.910992, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:53.912022, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:53.912108, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:53.912173, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:53.912239, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:53.912315, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:53.912380, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:53.912445, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.912480, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2496 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:53.913100, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:53.913893, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2013/01/14 15:31:53.913964, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2013/01/14 15:31:53.914027, 3] smbd/process.c:1662(process_smb) > Transaction 41 of length 176 (0 toread) >[2013/01/14 15:31:53.914089, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.914124, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2560 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11070 (0x2B3E) > smb_bcc=105 >[2013/01/14 15:31:53.914949, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 0F 00 FC 33 8E 00 0A 00 00 .@...... ..3..... > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 01 00 00 .w.k.i.n .g...... > [0050] 00 01 00 00 00 00 F6 98 01 00 00 00 00 00 00 00 ........ ........ > [0060] 00 FF FF FF FF 00 00 00 00 ........ . 
>[2013/01/14 15:31:53.915500, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.915565, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.915636, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2013/01/14 15:31:53.915702, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.915762, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.915823, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.915884, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3e) >[2013/01/14 15:31:53.915948, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.916012, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2013/01/14 15:31:53.916074, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2013/01/14 15:31:53.916136, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2013/01/14 15:31:53.916199, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.916264, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.916340, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:53.916402, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:53.916466, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.916527, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 72 >[2013/01/14 15:31:53.916588, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2013/01/14 15:31:53.916653, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.916725, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x000f (15) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] FC 33 8E 00 0A 00 00 00 00 00 00 00 0A 00 00 00 .3...... ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 01 00 00 00 01 00 00 00 00 F6 98 01 g....... ........ > [0030] 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 ........ ........ >[2013/01/14 15:31:53.917884, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:53.917947, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:53.918011, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:53.918076, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0xf - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL >[2013/01/14 15:31:53.918144, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[15].fn == 0xb71a3960 >[2013/01/14 15:31:53.918220, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll > in: struct srvsvc_NetShareEnumAll > server_unc : * > server_unc : '\\Hawking' > info_ctr : * > info_ctr: struct srvsvc_NetShareInfoCtr > level : 0x00000001 (1) > ctr : union srvsvc_NetShareCtr(case 1) > ctr1 : * > ctr1: struct srvsvc_NetShareCtr1 > count : 0x00000000 (0) > array : NULL > max_buffer : 0xffffffff (4294967295) > resume_handle : NULL >[2013/01/14 15:31:53.918713, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1381(_srvsvc_NetShareEnumAll) > _srvsvc_NetShareEnumAll: 1381 >[2013/01/14 15:31:53.918777, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:567(init_srv_share_info_ctr) > init_srv_share_info_ctr >[2013/01/14 15:31:53.918839, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2500, 2513) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:53.918911, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.918974, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:53.919036, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:53.919097, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:53.919202, 8] smbd/service.c:248(load_registry_shares) > load_registry_shares() >[2013/01/14 15:31:53.919272, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.919337, 10] 
rpc_server/srvsvc/srv_srvsvc_nt.c:590(init_srv_share_info_ctr) > NOT counting service printers >[2013/01/14 15:31:53.919406, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service print$ >[2013/01/14 15:31:53.919472, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service backup >[2013/01/14 15:31:53.919537, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service stuff >[2013/01/14 15:31:53.919602, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service pdf >[2013/01/14 15:31:53.919667, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service IPC$ >[2013/01/14 15:31:53.919733, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service Virtual_Printer-HC.A >[2013/01/14 15:31:53.919799, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service Virtual_Printer-HC.W >[2013/01/14 15:31:53.919865, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service Landscape_PDF-HC.A >[2013/01/14 15:31:53.919931, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service HP4250-HC.A >[2013/01/14 15:31:53.920023, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) > counting service ES283-HC.A >[2013/01/14 15:31:53.920185, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1395(_srvsvc_NetShareEnumAll) > _srvsvc_NetShareEnumAll: 1395 >[2013/01/14 15:31:53.920247, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll > out: struct srvsvc_NetShareEnumAll > info_ctr : * > info_ctr: struct srvsvc_NetShareInfoCtr > level : 0x00000001 (1) > ctr : union srvsvc_NetShareCtr(case 1) > ctr1 : * > ctr1: struct srvsvc_NetShareCtr1 > count : 0x0000000a (10) > array : * > array: ARRAY(10) > array: struct srvsvc_NetShareInfo1 > name : * > name : 'print$' > type : STYPE_DISKTREE (0x0) > 
comment : * > comment : 'Printer Drivers' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'backup' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'backups' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'stuff' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Assorted files' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'pdf' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'pdf printer output' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'IPC$' > type : STYPE_IPC_HIDDEN (0x80000003) > comment : * > comment : 'IPC Service (hawking - the universe is expanding)' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Virtual_Printer-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'PDF Printer on Hawking' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Virtual_Printer-HC.W' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Virtual 'portrait' Printer' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Landscape_PDF-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Virtual Landscape PDF Printer' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'HP4250-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'HP LaserJet 4250tn' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'ES283-HC.A' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Toshiba e-Studio 283' > totalentries : * > totalentries : 0x0000000a (10) > resume_handle : NULL > result : WERR_OK >[2013/01/14 15:31:53.923045, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:53.923117, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2013/01/14 15:31:53.923200, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:53.923264, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : 
data_sent_length = 0, p->out_data.rdata.length = 1104. >[2013/01/14 15:31:53.923347, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0468 (1128) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000450 (1104) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1104
>[2013/01/14 15:31:53.930815, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. 
There is more data outstanding >[2013/01/14 15:31:53.930880, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2013/01/14 15:31:53.930944, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2013/01/14 15:31:53.931009, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2013/01/14 15:31:53.931075, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.931109, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2560 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2013/01/14 15:31:53.931732, 10] ../lib/util/util.c:415(dump_data)
>[2013/01/14 15:31:53.934885, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 60 >[2013/01/14 15:31:53.935088, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3c >[2013/01/14 15:31:53.935152, 3] smbd/process.c:1662(process_smb) > Transaction 42 of length 64 (0 toread) >[2013/01/14 15:31:53.935215, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.935251, 5] lib/util.c:342(show_msg) > size=60 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32768 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2624 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=11070 (0x2B3E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 104 (0x68) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 104 (0x68) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2013/01/14 15:31:53.935930, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:53.935972, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.936038, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.936115, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 104 >[2013/01/14 15:31:53.936187, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 1128, current_pdu_sent = 1024 returning 104 bytes. >[2013/01/14 15:31:53.936261, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 619 >[2013/01/14 15:31:53.936394, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 104 bytes. 
There is more data outstanding >[2013/01/14 15:31:53.936459, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=104 max=104 nread=104 >[2013/01/14 15:31:53.938009, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:53.938080, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:53.938143, 3] smbd/process.c:1662(process_smb) > Transaction 43 of length 46 (0 toread) >[2013/01/14 15:31:53.938205, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.938240, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2688 > smt_wct=3 > smb_vwv[ 0]=11070 (0x2B3E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:53.938672, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:53.938709, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.938774, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.938838, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11070 (numopen=1) >[2013/01/14 15:31:53.938902, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:53.938981, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:53.939055, 5] smbd/files.c:482(file_free) > freed files structure 11070 (0 used) >[2013/01/14 15:31:53.939121, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.939156, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2688 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:53.939587, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:53.941417, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:53.941488, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x64 >[2013/01/14 15:31:53.941551, 3] smbd/process.c:1662(process_smb) > Transaction 44 of length 104 (0 toread) >[2013/01/14 15:31:53.941613, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.941648, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2752 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2013/01/14 15:31:53.942652, 10] ../lib/util/util.c:415(dump_data) > [0000] A4 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [0010] 00 . >[2013/01/14 15:31:53.942815, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.942880, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.942954, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = srvsvc >[2013/01/14 15:31:53.943027, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \srvsvc. 
>[2013/01/14 15:31:53.943097, 5] smbd/files.c:140(file_new) > allocated file structure 6975, fnum = 11071 (1 used) >[2013/01/14 15:31:53.943170, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2013/01/14 15:31:53.943248, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \srvsvc >[2013/01/14 15:31:53.943321, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \srvsvc >[2013/01/14 15:31:53.943383, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc >[2013/01/14 15:31:53.943468, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \srvsvc (pipes_open=0) >[2013/01/14 15:31:53.943535, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2013/01/14 15:31:53.943992, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:53.944062, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:53.944125, 3] smbd/process.c:1662(process_smb) > Transaction 45 of length 160 (0 toread) >[2013/01/14 15:31:53.944187, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.944222, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2816 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11071 (0x2B3F) > smb_bcc=89 >[2013/01/14 15:31:53.945046, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 
50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:53.945519, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.945584, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.945657, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:53.945724, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.945784, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.945846, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.945908, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3f) >[2013/01/14 15:31:53.945972, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.946036, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:53.946100, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:53.946163, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:53.946227, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.946311, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.946372, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left 
= 56 >[2013/01/14 15:31:53.946433, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:53.946500, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.946561, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:53.946622, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:53.946687, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.946766, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:53.947861, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:53.947926, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:53.947990, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2013/01/14 15:31:53.948052, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \srvsvc >[2013/01/14 15:31:53.948116, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2013/01/14 15:31:53.948204, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:53.949210, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:53.949293, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:53.949358, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:53.949425, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:53.949499, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:53.949565, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:53.949629, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.949664, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2816 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:53.950314, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:53.952166, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 148 >[2013/01/14 15:31:53.952239, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x94 >[2013/01/14 15:31:53.952302, 3] smbd/process.c:1662(process_smb) > Transaction 46 of length 152 (0 toread) >[2013/01/14 15:31:53.952364, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.952399, 5] lib/util.c:342(show_msg) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2880 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11071 (0x2B3F) > smb_bcc=81 >[2013/01/14 15:31:53.953185, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 00 03 10 00 00 00 40 00 00 00 01 00 00 ?....... .@...... > [0020] 00 28 00 00 00 00 00 15 00 18 4A 17 00 0A 00 00 .(...... ..J..... > [0030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 48 00 61 ........ .\.\.H.a > [0040] 00 77 00 6B 00 69 00 6E 00 67 00 00 00 65 00 00 .w.k.i.n .g...e.. > [0050] 00 . 
>[2013/01/14 15:31:53.953645, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.953709, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.953781, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=64 params=0 setup=2 >[2013/01/14 15:31:53.953847, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.953907, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.953969, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.954030, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "srvsvc" (pnum 2b3f) >[2013/01/14 15:31:53.954094, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.954158, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 64 >[2013/01/14 15:31:53.954221, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2013/01/14 15:31:53.954283, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 >[2013/01/14 15:31:53.954347, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.954411, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.954472, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 48 >[2013/01/14 15:31:53.954533, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 >[2013/01/14 15:31:53.954598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.954659, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 48 >[2013/01/14 15:31:53.954720, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 >[2013/01/14 15:31:53.954816, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.954888, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0040 (64) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000028 (40) > context_id : 0x0000 (0) > opnum : 0x0015 (21) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=40 > [0000] 18 4A 17 00 0A 00 00 00 00 00 00 00 0A 00 00 00 .J...... ........ > [0010] 5C 00 5C 00 48 00 61 00 77 00 6B 00 69 00 6E 00 \.\.H.a. w.k.i.n. > [0020] 67 00 00 00 65 00 00 00 g...e... >[2013/01/14 15:31:53.955900, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:53.955962, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:53.956027, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\srvsvc >[2013/01/14 15:31:53.956092, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO >[2013/01/14 15:31:53.956160, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[21].fn == 0xb71a27f0 >[2013/01/14 15:31:53.956230, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > in: struct srvsvc_NetSrvGetInfo > server_unc : * > server_unc : '\\Hawking' > level : 0x00000065 (101) >[2013/01/14 15:31:53.956442, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1125(_srvsvc_NetSrvGetInfo) > _srvsvc_NetSrvGetInfo: 1125 >[2013/01/14 15:31:53.956515, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1203(_srvsvc_NetSrvGetInfo) > _srvsvc_NetSrvGetInfo: 1203 >[2013/01/14 15:31:53.956576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > out: struct srvsvc_NetSrvGetInfo > info : * > info : union srvsvc_NetSrvInfo(case 101) > info101 : * > info101: struct srvsvc_NetSrvInfo101 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'HAWKING' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > server_type : 0x00009b23 (39715) > 1: SV_TYPE_WORKSTATION > 1: SV_TYPE_SERVER > 0: SV_TYPE_SQLSERVER > 0: SV_TYPE_DOMAIN_CTRL > 0: SV_TYPE_DOMAIN_BAKCTRL > 1: SV_TYPE_TIME_SOURCE > 0: SV_TYPE_AFP > 0: SV_TYPE_NOVELL > 1: SV_TYPE_DOMAIN_MEMBER > 1: SV_TYPE_PRINTQ_SERVER > 0: SV_TYPE_DIALIN_SERVER > 1: SV_TYPE_SERVER_UNIX > 1: SV_TYPE_NT > 0: SV_TYPE_WFW > 0: SV_TYPE_SERVER_MFPN > 1: SV_TYPE_SERVER_NT > 0: SV_TYPE_POTENTIAL_BROWSER > 0: SV_TYPE_BACKUP_BROWSER > 0: SV_TYPE_MASTER_BROWSER > 0: SV_TYPE_DOMAIN_MASTER > 0: SV_TYPE_SERVER_OSF > 0: SV_TYPE_SERVER_VMS > 0: SV_TYPE_WIN95_PLUS > 0: SV_TYPE_DFS_SERVER > 0: SV_TYPE_ALTERNATE_XPORT > 0: SV_TYPE_LOCAL_LIST_ONLY > 0: SV_TYPE_DOMAIN_ENUM > comment : * > comment : 
'hawking - the universe is expanding' > result : WERR_OK >[2013/01/14 15:31:53.958079, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \srvsvc successfully >[2013/01/14 15:31:53.958146, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 48 >[2013/01/14 15:31:53.958230, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \srvsvc len: 1024 >[2013/01/14 15:31:53.958294, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 148. >[2013/01/14 15:31:53.958372, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00ac (172) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000094 (148) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=148 > [0000] 65 00 00 00 04 00 02 00 F4 01 00 00 08 00 02 00 e....... ........ > [0010] 04 00 00 00 09 00 00 00 23 9B 00 00 0C 00 02 00 ........ #....... > [0020] 08 00 00 00 00 00 00 00 08 00 00 00 48 00 41 00 ........ ....H.A. > [0030] 57 00 4B 00 49 00 4E 00 47 00 00 00 24 00 00 00 W.K.I.N. G...$... > [0040] 00 00 00 00 24 00 00 00 68 00 61 00 77 00 6B 00 ....$... h.a.w.k. > [0050] 69 00 6E 00 67 00 20 00 2D 00 20 00 74 00 68 00 i.n.g. . -. .t.h. > [0060] 65 00 20 00 75 00 6E 00 69 00 76 00 65 00 72 00 e. .u.n. i.v.e.r. > [0070] 73 00 65 00 20 00 69 00 73 00 20 00 65 00 78 00 s.e. .i. s. .e.x. > [0080] 70 00 61 00 6E 00 64 00 69 00 6E 00 67 00 00 00 p.a.n.d. i.n.g... > [0090] 00 00 00 00 .... 
>[2013/01/14 15:31:53.959991, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 48 >[2013/01/14 15:31:53.960068, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 172 bytes. There is no more data outstanding >[2013/01/14 15:31:53.960134, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..172] (align 0) >[2013/01/14 15:31:53.960231, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.960266, 5] lib/util.c:342(show_msg) > size=228 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=2880 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 172 (0xAC) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 172 (0xAC) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=173 >[2013/01/14 15:31:53.960889, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 AC 00 00 00 01 00 00 ........ ........ > [0010] 00 94 00 00 00 00 00 00 00 65 00 00 00 04 00 02 ........ .e...... > [0020] 00 F4 01 00 00 08 00 02 00 04 00 00 00 09 00 00 ........ ........ > [0030] 00 23 9B 00 00 0C 00 02 00 08 00 00 00 00 00 00 .#...... ........ > [0040] 00 08 00 00 00 48 00 41 00 57 00 4B 00 49 00 4E .....H.A .W.K.I.N > [0050] 00 47 00 00 00 24 00 00 00 00 00 00 00 24 00 00 .G...$.. .....$.. > [0060] 00 68 00 61 00 77 00 6B 00 69 00 6E 00 67 00 20 .h.a.w.k .i.n.g. > [0070] 00 2D 00 20 00 74 00 68 00 65 00 20 00 75 00 6E .-. .t.h .e. .u.n > [0080] 00 69 00 76 00 65 00 72 00 73 00 65 00 20 00 69 .i.v.e.r .s.e. .i > [0090] 00 73 00 20 00 65 00 78 00 70 00 61 00 6E 00 64 .s. .e.x .p.a.n.d > [00A0] 00 69 00 6E 00 67 00 00 00 00 00 00 00 .i.n.g.. ..... 
>[2013/01/14 15:31:53.962166, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:53.962236, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:53.962299, 3] smbd/process.c:1662(process_smb) > Transaction 47 of length 46 (0 toread) >[2013/01/14 15:31:53.962361, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.962396, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2944 > smt_wct=3 > smb_vwv[ 0]=11071 (0x2B3F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:53.962829, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:53.962866, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.962931, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.962995, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11071 (numopen=1) >[2013/01/14 15:31:53.963058, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:53.963134, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \srvsvc >[2013/01/14 15:31:53.963207, 5] smbd/files.c:482(file_free) > freed files structure 11071 (0 used) >[2013/01/14 15:31:53.963272, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.963307, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=2944 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:53.963657, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:53.965299, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 100 >[2013/01/14 15:31:53.965370, 6] smbd/process.c:1660(process_smb) > got message 
type 0x0 of len 0x64 >[2013/01/14 15:31:53.965432, 3] smbd/process.c:1662(process_smb) > Transaction 48 of length 104 (0 toread) >[2013/01/14 15:31:53.965494, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.965529, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3008 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2013/01/14 15:31:53.966581, 10] ../lib/util/util.c:415(dump_data) > [0000] A4 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [0010] 00 . >[2013/01/14 15:31:53.966741, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.966805, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.966876, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x6, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = winreg >[2013/01/14 15:31:53.966946, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \winreg. 
>[2013/01/14 15:31:53.967015, 5] smbd/files.c:140(file_new) > allocated file structure 6976, fnum = 11072 (1 used) >[2013/01/14 15:31:53.967087, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/winreg hash 0x718d6f2 >[2013/01/14 15:31:53.967161, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2013/01/14 15:31:53.967234, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2013/01/14 15:31:53.967297, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2013/01/14 15:31:53.967378, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2013/01/14 15:31:53.967444, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \winreg >[2013/01/14 15:31:53.967528, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.967592, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:53.967654, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:53.967764, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:31:53.967904, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2013/01/14 15:31:53.967972, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2013/01/14 15:31:53.968035, 3] smbd/process.c:1662(process_smb) > Transaction 49 of length 160 (0 toread) >[2013/01/14 15:31:53.968098, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.968133, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3072 > 
smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11072 (0x2B40) > smb_bcc=89 >[2013/01/14 15:31:53.968922, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [0020] 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 .0.0.... ........ > [0030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [0040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2013/01/14 15:31:53.969428, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.969499, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.969565, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-546846319-217595157-9522986-500 > SID[ 1]: S-1-5-21-546846319-217595157-9522986-513 > SID[ 2]: S-1-22-2-2513 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-2500 > SID[ 7]: S-1-22-2-300002 > SID[ 8]: S-1-22-2-300003 > SID[ 9]: S-1-22-2-300004 > Privileges (0x 0): > Rights (0x 0): >[2013/01/14 15:31:53.969991, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2500 > Primary group is 2513 and contains 4 supplementary groups > Group[ 0]: 2513 > Group[ 1]: 300002 > Group[ 2]: 300003 > Group[ 3]: 300004 >[2013/01/14 15:31:53.970201, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,2500), gid=(0,2513) >[2013/01/14 15:31:53.970274, 3] 
smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2013/01/14 15:31:53.970341, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.970400, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.970462, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.970524, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b40) >[2013/01/14 15:31:53.970587, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.970651, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2013/01/14 15:31:53.970714, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2013/01/14 15:31:53.970776, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2013/01/14 15:31:53.970839, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.970904, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.970965, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:53.971026, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2013/01/14 15:31:53.971090, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.971152, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2013/01/14 15:31:53.971213, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2013/01/14 15:31:53.971278, 10] 
rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.971352, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x1630 (5680) > max_recv_frag : 0x1630 (5680) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 338cd001-2244-31f1-aaaa-900038001003 > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:53.972437, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2013/01/14 15:31:53.972502, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2013/01/14 15:31:53.972565, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 
923 >[2013/01/14 15:31:53.972627, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \winreg >[2013/01/14 15:31:53.972692, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\winreg -> \PIPE\winreg >[2013/01/14 15:31:53.972773, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\winreg' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2013/01/14 15:31:53.973790, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2013/01/14 15:31:53.973872, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:53.973937, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2013/01/14 15:31:53.974004, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:53.974079, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2013/01/14 15:31:53.974144, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2013/01/14 15:31:53.974239, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.974274, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3072 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2013/01/14 15:31:53.974893, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... 
>[2013/01/14 15:31:53.975656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 120 >[2013/01/14 15:31:53.975726, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2013/01/14 15:31:53.975789, 3] smbd/process.c:1662(process_smb) > Transaction 50 of length 124 (0 toread) >[2013/01/14 15:31:53.975851, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.975886, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3136 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11072 (0x2B40) > smb_bcc=53 >[2013/01/14 15:31:53.976689, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ?....... .$...... > [0020] 00 0C 00 00 00 00 00 02 00 70 FD EF 00 68 74 01 ........ .p...ht. > [0030] 00 00 00 00 02 ..... 
>[2013/01/14 15:31:53.977008, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.977073, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.977143, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=36 params=0 setup=2 >[2013/01/14 15:31:53.977210, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.977269, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.977331, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.977392, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b40) >[2013/01/14 15:31:53.977456, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.977519, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 36 >[2013/01/14 15:31:53.977582, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2013/01/14 15:31:53.977644, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 36 >[2013/01/14 15:31:53.977708, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.977772, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.977833, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 20 >[2013/01/14 15:31:53.977928, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 20 >[2013/01/14 15:31:53.977993, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.978054, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 20 >[2013/01/14 15:31:53.978115, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 20, incoming data = 20 >[2013/01/14 15:31:53.978180, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.978251, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > opnum : 0x0002 (2) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=12 > [0000] 70 FD EF 00 68 74 01 00 00 00 00 02 p...ht.. .... >[2013/01/14 15:31:53.979074, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:53.979137, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:53.979200, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\winreg >[2013/01/14 15:31:53.979266, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \winreg op 0x2 - api_rpcTNP: rpc command: WINREG_OPENHKLM >[2013/01/14 15:31:53.979333, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[2].fn == 0xb715f0b0 >[2013/01/14 15:31:53.979399, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : * > system_name : 0x7468 (29800) > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2013/01/14 15:31:53.979851, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2013/01/14 15:31:53.979921, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2500, 2513) : sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:53.979991, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.980053, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2013/01/14 15:31:53.980116, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:31:53.980176, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:31:53.980401, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2500, 2513) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:31:53.980498, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. 
refcount reset (1) >[2013/01/14 15:31:53.980568, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2013/01/14 15:31:53.980629, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2013/01/14 15:31:53.980693, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:53.980754, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM] >[2013/01/14 15:31:53.980875, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2013/01/14 15:31:53.980974, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2013/01/14 15:31:53.981046, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 .p.. >[2013/01/14 15:31:53.981214, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-f450-396b06700000 > result : WERR_OK >[2013/01/14 15:31:53.981491, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \winreg successfully >[2013/01/14 15:31:53.981558, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 20 >[2013/01/14 15:31:53.981644, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:53.981708, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \winreg: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2013/01/14 15:31:53.981786, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 00 00 00 00 .p...... >[2013/01/14 15:31:53.982634, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:53.982711, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2013/01/14 15:31:53.982777, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2013/01/14 15:31:53.982840, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.982875, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3136 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2013/01/14 15:31:53.983531, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 18 00 00 ........ ........ > [0020] 00 00 00 00 00 F4 50 39 6B 06 70 00 00 00 00 00 ......P9 k.p..... > [0030] 00 . 
>[2013/01/14 15:31:53.985352, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 228 >[2013/01/14 15:31:53.985425, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe4 >[2013/01/14 15:31:53.985488, 3] smbd/process.c:1662(process_smb) > Transaction 51 of length 232 (0 toread) >[2013/01/14 15:31:53.985550, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.985585, 5] lib/util.c:342(show_msg) > size=228 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3200 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 144 (0x90) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 144 (0x90) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11072 (0x2B40) > smb_bcc=161 >[2013/01/14 15:31:53.986390, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] A4 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ........ ........ > [0020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 18 00 00 .x...... ........ > [0030] 00 00 00 00 00 F4 50 39 6B 06 70 00 00 46 00 46 ......P9 k.p..F.F > [0040] 00 84 1B A8 52 23 00 00 00 00 00 00 00 23 00 00 ....R#.. .....#.. > [0050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E > [0060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o > [0070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d > [0080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e > [0090] 00 6E 00 74 00 00 00 00 00 00 00 00 00 3F 00 0F .n.t.... .....?.. > [00A0] 00 . 
>[2013/01/14 15:31:53.987159, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.987225, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.987298, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=144 params=0 setup=2 >[2013/01/14 15:31:53.987365, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.987424, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.987486, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.987548, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b40) >[2013/01/14 15:31:53.987613, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.987677, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 144 >[2013/01/14 15:31:53.987740, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2013/01/14 15:31:53.987802, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 144 >[2013/01/14 15:31:53.987865, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.987929, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.987990, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 128 >[2013/01/14 15:31:53.988087, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 128 >[2013/01/14 15:31:53.988152, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.988212, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 128 >[2013/01/14 15:31:53.988273, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 128, incoming data = 128 >[2013/01/14 15:31:53.988338, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.988411, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0090 (144) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000078 (120) > context_id : 0x0000 (0) > opnum : 0x000f (15) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=120 > [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 46 00 46 00 84 1B A8 52 23 00 00 00 .p..F.F. ...R#... > [0020] 00 00 00 00 23 00 00 00 53 00 4F 00 46 00 54 00 ....#... S.O.F.T. > [0030] 57 00 41 00 52 00 45 00 5C 00 4D 00 69 00 63 00 W.A.R.E. \.M.i.c. > [0040] 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 53 00 r.o.s.o. f.t.\.S. > [0050] 63 00 68 00 65 00 64 00 75 00 6C 00 69 00 6E 00 c.h.e.d. u.l.i.n. > [0060] 67 00 41 00 67 00 65 00 6E 00 74 00 00 00 00 00 g.A.g.e. n.t..... > [0070] 00 00 00 00 3F 00 0F 00 ....?... >[2013/01/14 15:31:53.989931, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:53.989993, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:53.990057, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\winreg >[2013/01/14 15:31:53.990122, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY >[2013/01/14 15:31:53.990189, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[15].fn == 0xb715cb30 >[2013/01/14 15:31:53.990262, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-f450-396b06700000 > keyname: struct winreg_String > name_len : 0x0046 (70) > name_size : 0x0046 (70) > name : * > name : 'SOFTWARE\Microsoft\SchedulingAgent' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x000f003f (983103) > 1: KEY_QUERY_VALUE > 1: KEY_SET_VALUE > 1: KEY_CREATE_SUB_KEY > 1: KEY_ENUMERATE_SUB_KEYS > 1: KEY_NOTIFY > 1: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2013/01/14 15:31:53.991147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 .p.. 
>[2013/01/14 15:31:53.991316, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2013/01/14 15:31:53.991379, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2013/01/14 15:31:53.991447, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2013/01/14 15:31:53.991508, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2013/01/14 15:31:53.991572, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:53.991632, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM\SOFTWARE] >[2013/01/14 15:31:53.991757, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2013/01/14 15:31:53.991855, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2013/01/14 15:31:53.991918, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2013/01/14 15:31:53.991986, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:53.992047, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:53.992110, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:53.992169, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:53.992266, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2013/01/14 15:31:53.992365, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SchedulingAgent] >[2013/01/14 15:31:53.992431, 10] registry/reg_backend_db.c:583(regdb_open) > 
regdb_open: incrementing refcount (3->4) >[2013/01/14 15:31:53.992501, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2013/01/14 15:31:53.992562, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2013/01/14 15:31:53.992626, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2013/01/14 15:31:53.992686, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb779a460 for key [\HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2013/01/14 15:31:53.992768, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] not found >[2013/01/14 15:31:53.992832, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2013/01/14 15:31:53.992899, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2013/01/14 15:31:53.992963, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2013/01/14 15:31:53.993026, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_BADFILE >[2013/01/14 15:31:53.993331, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \winreg successfully >[2013/01/14 15:31:53.993397, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 128 >[2013/01/14 15:31:53.993480, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:53.993544, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \winreg: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2013/01/14 15:31:53.993620, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 02 00 00 00 ........ >[2013/01/14 15:31:53.994467, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:53.994541, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2013/01/14 15:31:53.994606, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2013/01/14 15:31:53.994670, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.994705, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3200 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2013/01/14 15:31:53.995326, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [0030] 00 . 
>[2013/01/14 15:31:53.996063, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2013/01/14 15:31:53.996134, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2013/01/14 15:31:53.996197, 3] smbd/process.c:1662(process_smb) > Transaction 52 of length 132 (0 toread) >[2013/01/14 15:31:53.996258, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:53.996312, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3264 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=11072 (0x2B40) > smb_bcc=61 >[2013/01/14 15:31:53.997130, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 3F 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ?....... .,...... > [0020] 00 14 00 00 00 00 00 05 00 00 00 00 00 18 00 00 ........ ........ > [0030] 00 00 00 00 00 F4 50 39 6B 06 70 00 00 ......P9 k.p.. 
>[2013/01/14 15:31:53.997439, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:53.997504, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:53.997577, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2013/01/14 15:31:53.997644, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2013/01/14 15:31:53.997703, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2013/01/14 15:31:53.997765, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2013/01/14 15:31:53.997827, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "winreg" (pnum 2b40) >[2013/01/14 15:31:53.997891, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb8d21060 max_trans_reply: 1024 >[2013/01/14 15:31:53.997955, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2013/01/14 15:31:53.998018, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2013/01/14 15:31:53.998080, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2013/01/14 15:31:53.998144, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2013/01/14 15:31:53.998208, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2013/01/14 15:31:53.998269, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2013/01/14 15:31:53.998330, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2013/01/14 15:31:53.998395, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2013/01/14 15:31:53.998456, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > 
write_to_pipe: data_left = 28 >[2013/01/14 15:31:53.998517, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2013/01/14 15:31:53.998581, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2013/01/14 15:31:53.998653, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0005 (5) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 .p.. >[2013/01/14 15:31:53.999589, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2013/01/14 15:31:53.999651, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2013/01/14 15:31:53.999715, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\winreg >[2013/01/14 15:31:53.999780, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2013/01/14 15:31:53.999847, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[5].fn == 0xb715e7e0 >[2013/01/14 15:31:53.999914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-f450-396b06700000 >[2013/01/14 15:31:54.000154, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 .p.. >[2013/01/14 15:31:54.000320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 F4 50 39 6B ........ .....P9k > [0010] 06 70 00 00 .p.. 
>[2013/01/14 15:31:54.000485, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2013/01/14 15:31:54.000548, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2013/01/14 15:31:54.000632, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2013/01/14 15:31:54.000906, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \winreg successfully >[2013/01/14 15:31:54.000971, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2013/01/14 15:31:54.001054, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \winreg len: 1024 >[2013/01/14 15:31:54.001118, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \winreg: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2013/01/14 15:31:54.001194, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2013/01/14 15:31:54.002038, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2013/01/14 15:31:54.002143, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. 
There is no more data outstanding >[2013/01/14 15:31:54.002209, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2013/01/14 15:31:54.002272, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:54.002307, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51584 > smb_uid=101 > smb_mid=3264 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2013/01/14 15:31:54.002925, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . 
>[2013/01/14 15:31:54.004626, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 42 >[2013/01/14 15:31:54.004697, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2a >[2013/01/14 15:31:54.004760, 3] smbd/process.c:1662(process_smb) > Transaction 53 of length 46 (0 toread) >[2013/01/14 15:31:54.004822, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:54.004857, 5] lib/util.c:342(show_msg) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=3328 > smt_wct=3 > smb_vwv[ 0]=11072 (0x2B40) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2013/01/14 15:31:54.005289, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:31:54.005326, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 28678) conn 0xb8d20d18 >[2013/01/14 15:31:54.005391, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2013/01/14 15:31:54.005455, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=11072 (numopen=1) >[2013/01/14 15:31:54.005519, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Wed Dec 31 18:59:59 1969 >[2013/01/14 15:31:54.005597, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2013/01/14 15:31:54.005670, 5] smbd/files.c:482(file_free) > freed files structure 11072 (0 used) >[2013/01/14 15:31:54.005735, 5] lib/util.c:332(show_msg) >[2013/01/14 15:31:54.005770, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=49155 > smb_tid=1 > smb_pid=51966 > smb_uid=101 > smb_mid=3328 > smt_wct=0 > smb_bcc=0 >[2013/01/14 15:31:54.006120, 10] ../lib/util/util.c:415(dump_data) >[2013/01/14 15:32:08.209496, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:32:08.209655, 5] 
../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:32:08.209718, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:32:08.209834, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:32:08.209914, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:32:08.209976, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:32:08.210036, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:32:08.210130, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2013/01/14 15:32:08.210261, 3] smbd/service.c:1378(close_cnum) > proserver (192.168.7.2) closed connection to service IPC$ >[2013/01/14 15:32:08.210343, 3] smbd/connection.c:35(yield_connection) > Yielding connection to IPC$ >[2013/01/14 15:32:08.210569, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 06700000FFFFFFFFB069 >[2013/01/14 15:32:08.210668, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8d33320 >[2013/01/14 15:32:08.210781, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 06700000FFFFFFFFB069 >[2013/01/14 15:32:08.211007, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2013/01/14 15:32:08.211079, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2013/01/14 15:32:08.211142, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2013/01/14 15:32:08.211202, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2013/01/14 15:32:08.211298, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now 
uid=(0,0) gid=(0,0) >[2013/01/14 15:32:08.211394, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F32383637382F31 >[2013/01/14 15:32:08.211477, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8d26018 >[2013/01/14 15:32:08.211565, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F32383637382F31 >[2013/01/14 15:32:08.211784, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (termination signal)