[2005/01/14 17:43:55, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 96 [2005/01/14 17:43:55, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x60 [2005/01/14 17:43:55, 3] smbd/process.c:process_smb(1091) Transaction 63 of length 100 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=716 smb_uid=101 smb_mid=56256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2005/01/14 17:43:55, 10] lib/util.c:dump_data(1977) [000] 78 5C 00 73 00 61 00 6D 00 72 00 00 00 x\.s.a.m .r... [2005/01/14 17:43:55, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:55, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2005/01/14 17:43:55, 4] smbd/nttrans.c:nt_open_pipe(497) nt_open_pipe: Opening pipe \samr. [2005/01/14 17:43:55, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe samr opening. [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=2) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name NETLOGON pnum=7520 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name NETLOGON pnum=751e [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested samr [2005/01/14 17:43:55, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe samr [2005/01/14 17:43:55, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe samr [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe samr (pipes_open=2) [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe samr with handle 7524 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name samr pnum=7524 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name NETLOGON pnum=7520 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name NETLOGON pnum=751e [2005/01/14 17:43:55, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) do_ntcreate_pipe_open: open pipe = \samr [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=716 smb_uid=101 smb_mid=56256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(449) write_socket(5,107) [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(452) write_socket(5,107) wrote 107 [2005/01/14 17:43:55, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 156 [2005/01/14 17:43:55, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x9c [2005/01/14 17:43:55, 3] smbd/process.c:process_smb(1091) Transaction 64 of length 160 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=716 smb_uid=101 smb_mid=56320 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29988 (0x7524) smb_bcc=89 [2005/01/14 17:43:55, 10] lib/util.c:dump_data(1977) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [040] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2005/01/14 17:43:55, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:55, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=72 params=0 setup=2 [2005/01/14 17:43:55, 5] smbd/ipc.c:reply_trans(557) calling named_pipe [2005/01/14 17:43:55, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/01/14 17:43:55, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:55, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 7524) [2005/01/14 17:43:55, 10] smbd/ipc.c:api_fd_reply(301) api_fd_reply: p:0x83746e0 max_trans_reply: 1024 [2005/01/14 17:43:55, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7524 name: samr open: Yes len: 72 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 72 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 56 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 0b [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0048 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000001 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 56 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 11 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) api_pipe_bind_req: decode request. 876 [2005/01/14 17:43:55, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0000 max_tsize: 10b8 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0002 max_rsize: 10b8 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 assoc_gid: 00000000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0008 num_elements: 00000001 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000c context_id : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 000e num_syntaxes: 01 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/01/14 17:43:55, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 data : 12345778 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 data : 1234 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0016 data : abcd [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 0018 data : ef 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 001a data : 01 23 45 67 89 ac [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0020 version: 00000001 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/01/14 17:43:55, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0024 data : 8a885d04 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0028 data : 1ceb [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 002a data : 11c9 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 002c data : 9f e8 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 002e data : 08 00 2b 10 48 60 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0034 version: 00000002 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) api_pipe_bind_req: make response. 1017 [2005/01/14 17:43:55, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\samr [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0000 max_tsize: 10b8 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0002 max_rsize: 10b8 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 assoc_gid: 000053f0 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 len: 000c [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000a str: \PIPE\lsass. [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0018 num_results: 01 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 001c result : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 001e reason : 0000 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/01/14 17:43:55, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0020 data : 8a885d04 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0024 data : 1ceb [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0026 data : 11c9 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 0028 data : 9f e8 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 002a data : 08 00 2b 10 48 60 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0030 version: 00000002 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 0c [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0044 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000001 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 56 [2005/01/14 17:43:55, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7524 name: samr len: 1024 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/01/14 17:43:55, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..68] [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=716 smb_uid=101 smb_mid=56320 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/01/14 17:43:55, 10] lib/util.c:dump_data(1977) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(449) write_socket(5,128) [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(452) write_socket(5,128) wrote 128 [2005/01/14 17:43:55, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 132 [2005/01/14 17:43:55, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x84 [2005/01/14 17:43:55, 3] smbd/process.c:process_smb(1091) Transaction 65 of length 136 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=132 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56384 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29988 (0x7524) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 68 (0x44) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=69 [2005/01/14 17:43:55, 10] lib/util.c:dump_data(1977) [000] EE 05 00 00 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 2C 00 00 00 00 00 3E 00 80 F7 0D 00 09 00 00 .,.....> ........ [020] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [030] 00 52 00 56 00 45 00 52 00 00 00 00 00 02 00 00 .R.V.E.R ........ [040] 00 20 00 00 00 . ... [2005/01/14 17:43:55, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:55, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7524 name: samr open: Yes len: 68 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 68 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 52 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0044 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000001 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 52 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 alloc_hint: 0000002c [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0004 context_id: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0006 opnum : 003e [2005/01/14 17:43:55, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) Requested \PIPE\samr [2005/01/14 17:43:55, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 [2005/01/14 17:43:55, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) api_rpc_cmds[47].fn == 0x8138d40 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect4 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 ptr_srv_name: 000df780 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 uni_max_len: 00000009 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0008 offset : 00000000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c uni_str_len: 00000009 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) 0010 buffer : \.\.S.E.R.V.E.R... [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0024 unk_0: 00000002 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0028 access_mask: 00000020 [2005/01/14 17:43:55, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2463) _samr_connect4: 2463 [2005/01/14 17:43:55, 10] lib/util_seaccess.c:se_access_check(234) se_access_check: requested access 0x00000020, for NT token with 6 entries and first sid S-1-5-21-598206826-3982707997-2769875126-501. [2005/01/14 17:43:55, 3] lib/util_seaccess.c:se_access_check(251) [2005/01/14 17:43:55, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-598206826-3982707997-2769875126-501 se_access_check: also S-1-5-21-598206826-3982707997-2769875126-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-598206826-3982707997-2769875126-132067 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 20 [2005/01/14 17:43:55, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (20) granted. [2005/01/14 17:43:55, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(144) get_samr_info_by_sid: created new info for sid (NULL) [2005/01/14 17:43:55, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(148) get_samr_info_by_sid: created new info for NULL sid. [2005/01/14 17:43:55, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 05 00 00 00 00 00 00 00 CB F6 E7 41 ........ .......A [010] 90 5B 00 00 .[.. [2005/01/14 17:43:55, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2494) _samr_connect: 2494 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect4 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: 00000005 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: cb f6 e7 41 90 5b 00 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) 0014 status: NT_STATUS_OK [2005/01/14 17:43:55, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) api_rpcTNP: called samr successfully [2005/01/14 17:43:55, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 750 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 52 [2005/01/14 17:43:55, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7524 nwritten=68 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56384 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 68 (0x44) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(449) write_socket(5,51) [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(452) write_socket(5,51) wrote 51 [2005/01/14 17:43:55, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 59 [2005/01/14 17:43:55, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x3b [2005/01/14 17:43:55, 3] smbd/process.c:process_smb(1091) Transaction 66 of length 63 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56448 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29988 (0x7524) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/01/14 17:43:55, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:55, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7524 name: samr len: 1024 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 02 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0030 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000001 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 alloc_hint: 00000018 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 context_id: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0016 cancel_ct : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0017 reserved : 00 [2005/01/14 17:43:55, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7524 min=1024 max=1024 nread=48 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=107 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56448 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 48 (0x30) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=48 [2005/01/14 17:43:55, 10] lib/util.c:dump_data(1977) [000] 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 00 ........ 0....... [010] 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 ........ ........ [020] 00 00 00 00 CB F6 E7 41 90 5B 00 00 00 00 00 00 .......A .[...... [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(449) write_socket(5,111) [2005/01/14 17:43:55, 6] lib/util_sock.c:write_socket(452) write_socket(5,111) wrote 111 [2005/01/14 17:43:55, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 136 [2005/01/14 17:43:55, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x88 [2005/01/14 17:43:55, 3] smbd/process.c:process_smb(1091) Transaction 67 of length 140 [2005/01/14 17:43:55, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:55, 5] lib/util.c:show_msg(474) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56512 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29988 (0x7524) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2005/01/14 17:43:55, 10] lib/util.c:dump_data(1977) [000] EE 05 00 00 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... [010] 00 30 00 00 00 00 00 05 00 00 00 00 00 05 00 00 .0...... ........ [020] 00 00 00 00 00 CB F6 E7 41 90 5B 00 00 08 00 0A ........ A.[..... [030] 00 40 AD DC 07 05 00 00 00 00 00 00 00 04 00 00 .@...... ........ [040] 00 49 00 2D 00 42 00 4E 00 .I.-.B.N . [2005/01/14 17:43:55, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:55, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:55, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7524 name: samr open: Yes len: 72 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 72 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 56 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0048 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000002 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 56 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/01/14 17:43:55, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 alloc_hint: 00000030 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0004 context_id: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0006 opnum : 0005 [2005/01/14 17:43:55, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/01/14 17:43:55, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) Requested \PIPE\samr [2005/01/14 17:43:55, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/01/14 17:43:55, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) api_rpc_cmds[41].fn == 0x8138ec0 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_domain [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: 00000005 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 0000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: cb f6 e7 41 90 5b 00 00 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unihdr hdr_domain [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 uni_str_len: 0008 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0016 uni_max_len: 000a [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0018 buffer : 07dcad40 [2005/01/14 17:43:55, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unistr2 uni_domain [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 001c uni_max_len: 00000005 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0020 offset : 00000000 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0024 uni_str_len: 00000004 [2005/01/14 17:43:55, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) 0028 buffer : I.-.B.N. [2005/01/14 17:43:55, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 CB F6 E7 41 ........ .......A [010] 90 5B 00 00 .[.. [2005/01/14 17:43:56, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_lookup_domain: access check ((granted: 0x00000020; required: 0x00000010) [2005/01/14 17:43:56, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_lookup_domain: ACCESS DENIED (granted: 0x00000020; required: 0x00000010) [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_domain [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 ptr: 00000000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) 0004 status: NT_STATUS_ACCESS_DENIED [2005/01/14 17:43:56, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) api_rpcTNP: called samr successfully [2005/01/14 17:43:56, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 10 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 56 [2005/01/14 17:43:56, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7524 nwritten=72 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56512 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(449) write_socket(5,51) [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(452) write_socket(5,51) wrote 51 [2005/01/14 17:43:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 59 [2005/01/14 17:43:56, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x3b [2005/01/14 17:43:56, 3] smbd/process.c:process_smb(1091) Transaction 68 of length 63 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56576 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29988 (0x7524) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/01/14 17:43:56, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:56, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:56, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:56, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7524 name: samr len: 1024 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 8. [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 02 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0020 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000002 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 alloc_hint: 00000008 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 context_id: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0016 cancel_ct : 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0017 reserved : 00 [2005/01/14 17:43:56, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7524 min=1024 max=1024 nread=32 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=91 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56576 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 32 (0x20) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=32 [2005/01/14 17:43:56, 10] lib/util.c:dump_data(1977) [000] 05 00 02 03 10 00 00 00 20 00 00 00 02 00 00 00 ........ ....... [010] 08 00 00 00 00 00 00 00 00 00 00 00 22 00 00 C0 ........ ...."... [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(449) write_socket(5,95) [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(452) write_socket(5,95) wrote 95 [2005/01/14 17:43:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 108 [2005/01/14 17:43:56, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x6c [2005/01/14 17:43:56, 3] smbd/process.c:process_smb(1091) Transaction 69 of length 112 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=108 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56640 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29988 (0x7524) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 44 (0x2C) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 44 (0x2C) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=45 [2005/01/14 17:43:56, 10] lib/util.c:dump_data(1977) [000] EE 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [010] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ [020] 00 00 00 00 00 CB F6 E7 41 90 5B 00 00 ........ A.[.. [2005/01/14 17:43:56, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:56, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:56, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:56, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7524 name: samr open: Yes len: 44 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 44 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 28 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 002c [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000003 [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 28 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 alloc_hint: 00000014 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0004 context_id: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0006 opnum : 0001 [2005/01/14 17:43:56, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/01/14 17:43:56, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) Requested \PIPE\samr [2005/01/14 17:43:56, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/01/14 17:43:56, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) api_rpc_cmds[0].fn == 0x8136e90 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/01/14 17:43:56, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: 00000005 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: cb f6 e7 41 90 5b 00 00 [2005/01/14 17:43:56, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 CB F6 E7 41 ........ .......A [010] 90 5B 00 00 .[.. [2005/01/14 17:43:56, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/01/14 17:43:56, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(365) samr_reply_close_hnd: 365 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/01/14 17:43:56, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: 00000000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: 00 00 00 00 00 00 00 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) 0014 status: NT_STATUS_OK [2005/01/14 17:43:56, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) api_rpcTNP: called samr successfully [2005/01/14 17:43:56, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 28 [2005/01/14 17:43:56, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7524 nwritten=44 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56640 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 44 (0x2C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(449) write_socket(5,51) [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(452) write_socket(5,51) wrote 51 [2005/01/14 17:43:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 59 [2005/01/14 17:43:56, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x3b [2005/01/14 17:43:56, 3] smbd/process.c:process_smb(1091) Transaction 70 of length 63 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29988 (0x7524) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/01/14 17:43:56, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:56, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:56, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:56, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7524 name: samr len: 1024 [2005/01/14 17:43:56, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 02 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0030 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000003 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 alloc_hint: 00000018 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 context_id: 0000 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0016 cancel_ct : 00 [2005/01/14 17:43:56, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0017 reserved : 00 [2005/01/14 17:43:56, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7524 min=1024 max=1024 nread=48 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=107 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 48 (0x30) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=48 [2005/01/14 17:43:56, 10] lib/util.c:dump_data(1977) [000] 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 00 ........ 0....... [010] 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(449) write_socket(5,111) [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(452) write_socket(5,111) wrote 111 [2005/01/14 17:43:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 41 [2005/01/14 17:43:56, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x29 [2005/01/14 17:43:56, 3] smbd/process.c:process_smb(1091) Transaction 71 of length 45 [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56768 smt_wct=3 smb_vwv[ 0]=29988 (0x7524) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2005/01/14 17:43:56, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 23440) conn 0x8374ff8 [2005/01/14 17:43:56, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/01/14 17:43:56, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7524 [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name samr pnum=7524 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=7520 (pipes_open=3) [2005/01/14 17:43:56, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name NETLOGON pnum=751e (pipes_open=3) [2005/01/14 17:43:56, 5] smbd/pipes.c:reply_pipe_close(260) reply_pipe_close: pnum:7524 [2005/01/14 17:43:56, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe samr [2005/01/14 17:43:56, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name samr pnum=7524 (pipes_open=2) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(464) [2005/01/14 17:43:56, 5] lib/util.c:show_msg(474) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=56768 smt_wct=0 smb_bcc=0 [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(449) write_socket(5,39) [2005/01/14 17:43:56, 6] lib/util_sock.c:write_socket(452) write_socket(5,39) wrote 39