Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
- lp_file_list_changed()
- file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info_map(206)
- make_user_info_map: Mapping user [SEMARKIT]\[Admin] from workstation [HDS-VIRTBOX1]
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] auth/auth_util.c:is_trusted_domain(2055)
- is_trusted_domain: Checking for domain trust with [SEMARKIT]
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
- ldapsam_get_trusteddom_pw called for domain SEMARKIT
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_close(1110)
- The connection to the LDAP server was closed
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
- smb_ldap_setup_connection: ldap://127.0.0.1:389
- [2010/02/14 20:52:57, 2] lib/smbldap.c:smbldap_open_connection(796)
- smbldap_open_connection: connection opened
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
- ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
- [2010/02/14 20:52:57, 3] lib/smbldap.c:smbldap_connect_system(1007)
- ldap_connect_system: successful connection to the LDAP server
- ldap_connect_system: LDAP server does support paged results
- [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
- Added timed event "smbldap_idle_fn": 1032a60
- [2010/02/14 20:52:57, 4] lib/smbldap.c:smbldap_open(1090)
- The LDAP server is successfully connected
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
- Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
- Cache entry with key = TDOM/SEMARKIT couldn't be found
- [2010/02/14 20:52:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
- no entry for trusted domain SEMARKIT found.
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(120)
- attempting to make a user_info for Admin (Admin)
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(130)
- making strings for Admin's user_info struct
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(162)
- making blobs for Admin's user_info struct
- [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
- made an encrypted user_info for Admin (Admin)
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(220)
- check_ntlm_password: Checking password for unmapped user [SEMARKIT]\[Admin]@[HDS-VIRTBOX1] with the new password interface
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(223)
- check_ntlm_password: mapped user is: [SEMARKIT]\[Admin]@[HDS-VIRTBOX1]
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
- check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
- challenge is:
- [2010/02/14 20:52:57, 5] lib/util.c:dump_data(2223)
- [000] 11 32 62 0D E9 D0 87 63 .2b....c
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
- check_ntlm_password: guest had nothing to say
- [2010/02/14 20:52:57, 8] lib/util.c:is_myname(2098)
- is_myname("SEMARKIT") returns 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [dc=semarkit,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
- init_sam_from_ldap: Entry found for user: Admin
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
- pdb_set_username: setting username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 12 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
- pdb_set_domain: setting domain SEMARKIT, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 14 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
- pdb_set_nt_username: setting nt username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 15 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522)
- pdb_set_user_sid_from_string: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
- pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 18 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263)
- element 18: SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 21 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 5 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 6 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 7 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 9 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 10 -> now SET
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute displayName does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
- pdb_set_full_name: setting full name Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 13 -> now SET
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaHomeDrive does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
- pdb_set_dir_drive: setting dir drive H:, was NULL
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 3 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaHomePath does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
- pdb_set_homedir: setting home dir \\hds-linux\admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 1 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaLogonScript does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
- pdb_set_logon_script: setting logon script scripts/logon.bat, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 4 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaProfilePath does not exist
- [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
- Home server: hds-linux
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
- pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 2 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute description does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaUserWorkstations does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaMungedDial does not exist
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 32 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 33 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
- Cache entry with key = ACCT_POL/password history couldn't be found
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
- ldapsam_get_account_policy_from_ldap
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
- ldapsam_get_account_policy: failed to retrieve from ldap
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
- ldapsam_set_account_policy_in_ldap
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_modify(1402)
- smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
- lp_file_list_changed()
- file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
- [2010/02/14 20:52:57, 5] smbd/reply.c:reply_special(472)
- init msg_type=0x81 msg_flags=0x0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
- read_socket_with_timeout: blocking read. EOF from client.
- [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
- receive_smb_raw: NT_STATUS_END_OF_FILE
- [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
- receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
- [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
- Closing cache file
- [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
- namecache_shutdown: netbios namecache closed successfully.
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
- Yielding connection to
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BB550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x10b9350
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(42)
- deleting connection record returned NT_STATUS_NOT_FOUND
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BB550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
- Server exit (normal exit)
- [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
- cache_account_policy_set: updating account pol cache
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
- Adding cache entry with key = ACCT_POL/password history; value = 0
- and timeout = Sun Feb 14 20:53:57 2010
- (60 seconds ahead)
- [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
- cache_account_policy_set: updating account pol cache
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
- Adding cache entry with key = ACCT_POL/password history; value = 0
- and timeout = Sun Feb 14 20:53:57 2010
- (60 seconds ahead)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 20 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 16 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 17 -> now SET
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaBadPasswordCount does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaBadPasswordTime does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaLogonHours does not exist
- [2010/02/14 20:52:57, 5] passdb/login_cache.c:login_cache_init(40)
- Opening cache file at /var/cache/samba/login_cache.tdb
- [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(86)
- Looking up login cache for user Admin
- [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(100)
- No cache entry found
- [2010/02/14 20:52:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054)
- No cache entry, bad count = 0, bad time = 0
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471)
- element 35 -> now CHANGED
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
- Cache entry with key = ACCT_POL/maximum password age couldn't be found
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
- ldapsam_get_account_policy_from_ldap
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
- ldapsam_get_account_policy: failed to retrieve from ldap
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
- ldapsam_set_account_policy_in_ldap
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_modify(1402)
- smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
- cache_account_policy_set: updating account pol cache
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
- Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
- and timeout = Sun Feb 14 20:53:57 2010
- (60 seconds ahead)
- [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
- cache_account_policy_set: updating account pol cache
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
- Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
- and timeout = Sun Feb 14 20:53:57 2010
- (60 seconds ahead)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_alloc(133)
- Finding user Admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(77)
- Trying _Get_Pwnam(), username as lowercase is admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(85)
- Trying _Get_Pwnam(), username as given is Admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(95)
- Trying _Get_Pwnam(), username as uppercase is ADMIN
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(104)
- Checking combinations of 0 uppercase letters in admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(110)
- Get_Pwnam_internals didn't find user [Admin]!
- [2010/02/14 20:52:57, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
- pdb_get_group_sid: Failed to find Unix account for Admin
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 3: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 1: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 4: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 2: DEFAULT
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
- tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 196
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
- tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 5 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 6 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 7 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 8 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 9 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 10 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 21 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
- pdb_set_username: setting username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 12 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
- pdb_set_domain: setting domain SEMARKIT, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 14 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
- pdb_set_nt_username: setting nt username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 15 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
- pdb_set_full_name: setting full name Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 13 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
- pdb_set_homedir: setting home dir \\hds-linux\admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 1 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
- pdb_set_dir_drive: setting dir drive H:, was NULL
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 3 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
- pdb_set_logon_script: setting logon script scripts/logon.bat, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 4 -> now DEFAULT
- [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
- Home server: hds-linux
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
- pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 2 -> now DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 23 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
- pdb_set_workstations: setting workstations , was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 24 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 26 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 33 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 34 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
- pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 18 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2934603361-1946261283-2740193522-500 from rid 500
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 16 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 29 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 30 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 31 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 20 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 17 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 27 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 9] passdb/passdb.c:pdb_update_autolock_flag(1417)
- pdb_update_autolock_flag: Account Admin not autolocked, no check needed
- [2010/02/14 20:52:57, 4] libsmb/ntlm_check.c:ntlm_password_check(328)
- ntlm_password_check: Checking NT MD4 password
- [2010/02/14 20:52:57, 4] auth/auth_sam.c:sam_account_ok(137)
- sam_account_ok: Checking SMB password for user Admin
- [2010/02/14 20:52:57, 5] auth/auth_sam.c:logon_hours_ok(119)
- logon_hours_ok: user Admin allowed to logon at this time (Sun Feb 14 20:52:57 2010
- )
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 1] auth/auth_util.c:make_server_info_sam(562)
- User Admin in passdb, but getpwnam() fails!
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 0] auth/auth_sam.c:check_sam_security(355)
- check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
- [2010/02/14 20:52:57, 5] auth/auth.c:check_ntlm_password(272)
- check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
- [2010/02/14 20:52:57, 3] auth/auth_winbind.c:check_winbind_security(54)
- check_winbind_security: Not using winbind, requested domain [SEMARKIT] was for this SAM.
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
- check_ntlm_password: winbind had nothing to say
- [2010/02/14 20:52:57, 2] auth/auth.c:check_ntlm_password(318)
- check_ntlm_password: Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
- [2010/02/14 20:52:57, 5] auth/auth_util.c:free_user_info(1985)
- attempting to free (and zero) a user_info structure
- [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
- structure was created for Admin
- [2010/02/14 20:52:57, 3] smbd/error.c:error_packet_set(61)
- error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x73
- smb_rcls=109
- smb_reh=0
- smb_err=49152
- smb_flg=136
- smb_flg2=51201
- smb_tid=0
- smb_pid=65279
- smb_uid=100
- smb_mid=128
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
- read_socket_with_timeout: blocking read. EOF from client.
- [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
- receive_smb_raw: NT_STATUS_END_OF_FILE
- [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
- receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
- [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
- Closing cache file
- [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
- namecache_shutdown: netbios namecache closed successfully.
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
- Yielding connection to
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BA550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x10ba880
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BA550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
- Server exit (normal exit)
- [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
- lp_file_list_changed()
- file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info_map(206)
- make_user_info_map: Mapping user []\[] from workstation [HDS-VIRTBOX1]
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] auth/auth_util.c:is_trusted_domain(2055)
- is_trusted_domain: Checking for domain trust with [SEMARKIT]
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
- ldapsam_get_trusteddom_pw called for domain SEMARKIT
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_close(1110)
- The connection to the LDAP server was closed
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
- smb_ldap_setup_connection: ldap://127.0.0.1:389
- [2010/02/14 20:52:57, 2] lib/smbldap.c:smbldap_open_connection(796)
- smbldap_open_connection: connection opened
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
- ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
- [2010/02/14 20:52:57, 3] lib/smbldap.c:smbldap_connect_system(1007)
- ldap_connect_system: successful connection to the LDAP server
- ldap_connect_system: LDAP server does support paged results
- [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
- Added timed event "smbldap_idle_fn": 110bb80
- [2010/02/14 20:52:57, 4] lib/smbldap.c:smbldap_open(1090)
- The LDAP server is successfully connected
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
- Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
- Cache entry with key = TDOM/SEMARKIT couldn't be found
- [2010/02/14 20:52:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
- no entry for trusted domain SEMARKIT found.
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(120)
- attempting to make a user_info for ()
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(130)
- making strings for 's user_info struct
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(162)
- making blobs for 's user_info struct
- [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
- made an encrypted user_info for ()
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(220)
- check_ntlm_password: Checking password for unmapped user []\[]@[HDS-VIRTBOX1] with the new password interface
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(223)
- check_ntlm_password: mapped user is: [SEMARKIT]\[]@[HDS-VIRTBOX1]
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
- check_ntlm_password: auth_context challenge created by random
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
- challenge is:
- [2010/02/14 20:52:57, 5] lib/util.c:dump_data(2223)
- [000] 74 D8 AD B0 A0 D9 03 BE t.......
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
- ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 3: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 1: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 4: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 2: DEFAULT
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
- tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 177
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
- tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 177) -> 177
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 177) -> 177
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 5 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 6 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 7 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 8 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 9 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 10 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 21 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
- pdb_set_username: setting username nobody, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 12 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
- pdb_set_domain: setting domain SEMARKIT, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 14 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
- pdb_set_nt_username: setting nt username , was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 15 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
- pdb_set_full_name: setting full name nobody, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 13 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
- pdb_set_homedir: setting home dir \\hds-linux\nobody, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 1 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
- pdb_set_dir_drive: setting dir drive H:, was NULL
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 3 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
- pdb_set_logon_script: setting logon script scripts/logon.bat, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 4 -> now DEFAULT
- [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
- Home server: hds-linux
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
- pdb_set_profile_path: setting profile path \\hds-linux\nobody\profile, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 2 -> now DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 23 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
- pdb_set_workstations: setting workstations , was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 24 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 26 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 34 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
- pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-501
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 18 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2934603361-1946261283-2740193522-501 from rid 501
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 16 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 29 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 30 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 31 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 20 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 17 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 27 -> now SET
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(269)
- check_ntlm_password: guest authentication for user [] succeeded
- [2010/02/14 20:52:57, 5] auth/auth.c:check_ntlm_password(308)
- check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded
- [2010/02/14 20:52:57, 5] auth/auth_util.c:free_user_info(1985)
- attempting to free (and zero) a user_info structure
- [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
- structure was created for
- [2010/02/14 20:52:57, 10] auth/token_util.c:create_local_nt_token(302)
- Create local NT token for S-1-5-21-2934603361-1946261283-2740193522-501
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
- init_group_from_ldap: Entry found for group: 544
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1276)
- LEGACY: sid S-1-5-32-544 -> gid 544
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
- ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
- LEGACY: mapping failed for sid S-1-5-32-545
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2934603361-1946261283-2740193522-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2934603361-1946261283-2740193522-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] lib/privileges.c:get_privileges(63)
- get_privileges: No privileges assigned to SID [S-1-5-21-2934603361-1946261283-2740193522-501]
- [2010/02/14 20:52:57, 5] lib/privileges.c:get_privileges_for_sids(128)
- get_privileges_for_sids: sid = S-1-1-0
- Privilege set:
- SE_PRIV 0x0 0x0 0x0 0x0
- [2010/02/14 20:52:57, 3] lib/privileges.c:get_privileges(63)
- get_privileges: No privileges assigned to SID [S-1-5-2]
- [2010/02/14 20:52:57, 3] lib/privileges.c:get_privileges(63)
- get_privileges: No privileges assigned to SID [S-1-5-32-546]
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
- ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
- LEGACY: mapping failed for sid S-1-1-0
- [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
- Could not convert SID S-1-1-0 to gid, ignoring it
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
- ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
- LEGACY: mapping failed for sid S-1-5-2
- [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
- Could not convert SID S-1-5-2 to gid, ignoring it
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
- ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
- LEGACY: mapping failed for sid S-1-5-32-546
- [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
- Could not convert SID S-1-5-32-546 to gid, ignoring it
- [2010/02/14 20:52:57, 10] auth/token_util.c:debug_nt_user_token(470)
- NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
- contains 4 SIDs
- SID[ 0]: S-1-5-21-2934603361-1946261283-2740193522-501
- SID[ 1]: S-1-1-0
- SID[ 2]: S-1-5-2
- SID[ 3]: S-1-5-32-546
- SE_PRIV 0x0 0x0 0x0 0x0
- [2010/02/14 20:52:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137)
- Got NT session key of length 16
- [2010/02/14 20:52:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144)
- Got LM session key of length 16
- [2010/02/14 20:52:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848)
- ntlmssp_server_auth: Using unmodified nt session key.
- [2010/02/14 20:52:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
- NTLMSSP Sign/Seal - Initialising with flags:
- [2010/02/14 20:52:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
- Got NTLMSSP neg_flags=0xa2088205
- NTLMSSP_NEGOTIATE_UNICODE
- NTLMSSP_REQUEST_TARGET
- NTLMSSP_NEGOTIATE_NTLM
- NTLMSSP_NEGOTIATE_ALWAYS_SIGN
- NTLMSSP_NEGOTIATE_NTLM2
- NTLMSSP_NEGOTIATE_128
- NTLMSSP_NEGOTIATE_56
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 22: DEFAULT
- [2010/02/14 20:52:57, 10] smbd/password.c:register_existing_vuid(310)
- register_existing_vuid: (65534,65534) nobody SEMARKIT guest=1
- [2010/02/14 20:52:57, 3] smbd/password.c:register_existing_vuid(314)
- register_existing_vuid: User name: nobody Real name: nobody
- [2010/02/14 20:52:57, 3] smbd/password.c:register_existing_vuid(326)
- register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100
- [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
- lp_file_list_changed()
- file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x73
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=0
- smb_pid=65279
- smb_uid=100
- smb_mid=128
- smt_wct=4
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 1 (0x1)
- smb_vwv[ 3]= 9 (0x9)
- smb_bcc=61
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x
- [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3
- [020] 00 2E 00 32 00 2E 00 35 00 00 00 53 00 45 00 4D ...2...5 ...S.E.M
- [030] 00 41 00 52 00 4B 00 49 00 54 00 00 00 .A.R.K.I .T...
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
- lp_file_list_changed()
- file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
- [2010/02/14 20:52:57, 5] smbd/reply.c:reply_special(472)
- init msg_type=0x81 msg_flags=0x0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
- read_socket_with_timeout: blocking read. EOF from client.
- [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
- receive_smb_raw: NT_STATUS_END_OF_FILE
- [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
- receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
- [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
- Closing cache file
- [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
- namecache_shutdown: netbios namecache closed successfully.
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
- Yielding connection to
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BD550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x10b9350
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(42)
- deleting connection record returned NT_STATUS_NOT_FOUND
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BD550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
- Server exit (normal exit)
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 84
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x54
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 3 of length 88 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=84
- smb_com=0x75
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=0
- smb_pid=65279
- smb_uid=100
- smb_mid=192
- smt_wct=4
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 84 (0x54)
- smb_vwv[ 2]= 8 (0x8)
- smb_vwv[ 3]= 1 (0x1)
- smb_bcc=41
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 5C 00 48 00 44 00 53 00 2D 00 4C 00 49 .\.\.H.D .S.-.L.I
- [010] 00 4E 00 55 00 58 00 5C 00 49 00 50 00 43 00 24 .N.U.X.\ .I.P.C.$
- [020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtconX (pid 21948) conn 0x0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBtconX.32.req len 88
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 4] smbd/reply.c:reply_tcon_and_X(653)
- Client requested device type [?????] for share [IPC$]
- [2010/02/14 20:52:57, 5] smbd/service.c:make_connection(1384)
- making a connection to 'normal' service ipc$
- [2010/02/14 20:52:57, 3] lib/access.c:only_ipaddrs_in_list(362)
- only_ipaddrs_in_list: list has non-ip address (127.)
- [2010/02/14 20:52:57, 3] lib/access.c:check_access(396)
- check_access: hostnames in host allow/deny list.
- [2010/02/14 20:52:57, 2] lib/access.c:check_access(406)
- Allowed connection from UNKNOWN (::ffff:192.168.1.183)
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_alloc(133)
- Finding user nobody
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(77)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(110)
- Get_Pwnam_internals did find user [nobody]!
- [2010/02/14 20:52:57, 10] smbd/service.c:set_conn_connectpath(161)
- set_conn_connectpath: service IPC$, connectpath = /tmp
- [2010/02/14 20:52:57, 3] smbd/service.c:make_connection_snum(944)
- Connect path is '/tmp' for service [IPC$]
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_map_generic(175)
- se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (2) granted.
- [2010/02/14 20:52:57, 3] smbd/vfs.c:vfs_init_default(96)
- Initialising default vfs hooks
- [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
- vfs_find_backend_entry called for /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:smb_register_vfs(86)
- Successfully added vfs backend '/[Default VFS]/'
- [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
- vfs_find_backend_entry called for posixacl
- [2010/02/14 20:52:57, 5] smbd/vfs.c:smb_register_vfs(86)
- Successfully added vfs backend 'posixacl'
- [2010/02/14 20:52:57, 3] smbd/vfs.c:vfs_init_custom(130)
- Initialising custom vfs hooks from [/[Default VFS]/]
- [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
- vfs_find_backend_entry called for /[Default VFS]/
- Successfully loaded vfs module [/[Default VFS]/] with the new modules system
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #0 (type 0, layer 0)
- Making operation type 0 opaque [module /[Default VFS]/]
- Accepting operation type 0 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #1 (type 1, layer 0)
- Making operation type 1 opaque [module /[Default VFS]/]
- Accepting operation type 1 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #2 (type 2, layer 0)
- Making operation type 2 opaque [module /[Default VFS]/]
- Accepting operation type 2 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #3 (type 3, layer 0)
- Making operation type 3 opaque [module /[Default VFS]/]
- Accepting operation type 3 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #4 (type 4, layer 0)
- Making operation type 4 opaque [module /[Default VFS]/]
- Accepting operation type 4 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #5 (type 5, layer 0)
- Making operation type 5 opaque [module /[Default VFS]/]
- Accepting operation type 5 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #6 (type 6, layer 0)
- Making operation type 6 opaque [module /[Default VFS]/]
- Accepting operation type 6 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #7 (type 7, layer 0)
- Making operation type 7 opaque [module /[Default VFS]/]
- Accepting operation type 7 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #8 (type 8, layer 0)
- Making operation type 8 opaque [module /[Default VFS]/]
- Accepting operation type 8 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #9 (type 9, layer 0)
- Making operation type 9 opaque [module /[Default VFS]/]
- Accepting operation type 9 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #10 (type 10, layer 0)
- Making operation type 10 opaque [module /[Default VFS]/]
- Accepting operation type 10 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #11 (type 11, layer 0)
- Making operation type 11 opaque [module /[Default VFS]/]
- Accepting operation type 11 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #12 (type 12, layer 0)
- Making operation type 12 opaque [module /[Default VFS]/]
- Accepting operation type 12 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #13 (type 13, layer 0)
- Making operation type 13 opaque [module /[Default VFS]/]
- Accepting operation type 13 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #14 (type 14, layer 0)
- Making operation type 14 opaque [module /[Default VFS]/]
- Accepting operation type 14 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #15 (type 15, layer 0)
- Making operation type 15 opaque [module /[Default VFS]/]
- Accepting operation type 15 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #16 (type 16, layer 0)
- Making operation type 16 opaque [module /[Default VFS]/]
- Accepting operation type 16 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #17 (type 17, layer 0)
- Making operation type 17 opaque [module /[Default VFS]/]
- Accepting operation type 17 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #18 (type 18, layer 0)
- Making operation type 18 opaque [module /[Default VFS]/]
- Accepting operation type 18 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #19 (type 19, layer 0)
- Making operation type 19 opaque [module /[Default VFS]/]
- Accepting operation type 19 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #20 (type 20, layer 0)
- Making operation type 20 opaque [module /[Default VFS]/]
- Accepting operation type 20 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #21 (type 21, layer 0)
- Making operation type 21 opaque [module /[Default VFS]/]
- Accepting operation type 21 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #22 (type 22, layer 0)
- Making operation type 22 opaque [module /[Default VFS]/]
- Accepting operation type 22 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #23 (type 23, layer 0)
- Making operation type 23 opaque [module /[Default VFS]/]
- Accepting operation type 23 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #24 (type 24, layer 0)
- Making operation type 24 opaque [module /[Default VFS]/]
- Accepting operation type 24 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #25 (type 25, layer 0)
- Making operation type 25 opaque [module /[Default VFS]/]
- Accepting operation type 25 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #26 (type 26, layer 0)
- Making operation type 26 opaque [module /[Default VFS]/]
- Accepting operation type 26 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #27 (type 27, layer 0)
- Making operation type 27 opaque [module /[Default VFS]/]
- Accepting operation type 27 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #28 (type 28, layer 0)
- Making operation type 28 opaque [module /[Default VFS]/]
- Accepting operation type 28 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #29 (type 29, layer 0)
- Making operation type 29 opaque [module /[Default VFS]/]
- Accepting operation type 29 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #30 (type 30, layer 0)
- Making operation type 30 opaque [module /[Default VFS]/]
- Accepting operation type 30 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #31 (type 31, layer 0)
- Making operation type 31 opaque [module /[Default VFS]/]
- Accepting operation type 31 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #32 (type 32, layer 0)
- Making operation type 32 opaque [module /[Default VFS]/]
- Accepting operation type 32 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #33 (type 33, layer 0)
- Making operation type 33 opaque [module /[Default VFS]/]
- Accepting operation type 33 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #34 (type 34, layer 0)
- Making operation type 34 opaque [module /[Default VFS]/]
- Accepting operation type 34 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #35 (type 35, layer 0)
- Making operation type 35 opaque [module /[Default VFS]/]
- Accepting operation type 35 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #36 (type 36, layer 0)
- Making operation type 36 opaque [module /[Default VFS]/]
- Accepting operation type 36 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #37 (type 37, layer 0)
- Making operation type 37 opaque [module /[Default VFS]/]
- Accepting operation type 37 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #38 (type 38, layer 0)
- Making operation type 38 opaque [module /[Default VFS]/]
- Accepting operation type 38 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #39 (type 39, layer 0)
- Making operation type 39 opaque [module /[Default VFS]/]
- Accepting operation type 39 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #40 (type 40, layer 0)
- Making operation type 40 opaque [module /[Default VFS]/]
- Accepting operation type 40 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #41 (type 41, layer 0)
- Making operation type 41 opaque [module /[Default VFS]/]
- Accepting operation type 41 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #42 (type 42, layer 0)
- Making operation type 42 opaque [module /[Default VFS]/]
- Accepting operation type 42 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #43 (type 43, layer 0)
- Making operation type 43 opaque [module /[Default VFS]/]
- Accepting operation type 43 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #44 (type 44, layer 0)
- Making operation type 44 opaque [module /[Default VFS]/]
- Accepting operation type 44 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #45 (type 45, layer 0)
- Making operation type 45 opaque [module /[Default VFS]/]
- Accepting operation type 45 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #46 (type 46, layer 0)
- Making operation type 46 opaque [module /[Default VFS]/]
- Accepting operation type 46 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #47 (type 47, layer 0)
- Making operation type 47 opaque [module /[Default VFS]/]
- Accepting operation type 47 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #48 (type 48, layer 0)
- Making operation type 48 opaque [module /[Default VFS]/]
- Accepting operation type 48 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #49 (type 49, layer 0)
- Making operation type 49 opaque [module /[Default VFS]/]
- Accepting operation type 49 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #50 (type 50, layer 0)
- Making operation type 50 opaque [module /[Default VFS]/]
- Accepting operation type 50 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #51 (type 51, layer 0)
- Making operation type 51 opaque [module /[Default VFS]/]
- Accepting operation type 51 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #52 (type 52, layer 0)
- Making operation type 52 opaque [module /[Default VFS]/]
- Accepting operation type 52 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #53 (type 53, layer 0)
- Making operation type 53 opaque [module /[Default VFS]/]
- Accepting operation type 53 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #54 (type 54, layer 0)
- Making operation type 54 opaque [module /[Default VFS]/]
- Accepting operation type 54 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #55 (type 55, layer 0)
- Making operation type 55 opaque [module /[Default VFS]/]
- Accepting operation type 55 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #56 (type 56, layer 0)
- Making operation type 56 opaque [module /[Default VFS]/]
- Accepting operation type 56 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #57 (type 57, layer 0)
- Making operation type 57 opaque [module /[Default VFS]/]
- Accepting operation type 57 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #58 (type 58, layer 0)
- Making operation type 58 opaque [module /[Default VFS]/]
- Accepting operation type 58 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #59 (type 59, layer 0)
- Making operation type 59 opaque [module /[Default VFS]/]
- Accepting operation type 59 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #60 (type 60, layer 0)
- Making operation type 60 opaque [module /[Default VFS]/]
- Accepting operation type 60 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #61 (type 61, layer 0)
- Making operation type 61 opaque [module /[Default VFS]/]
- Accepting operation type 61 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #62 (type 62, layer 0)
- Making operation type 62 opaque [module /[Default VFS]/]
- Accepting operation type 62 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #63 (type 63, layer 0)
- Making operation type 63 opaque [module /[Default VFS]/]
- Accepting operation type 63 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #64 (type 64, layer 0)
- Making operation type 64 opaque [module /[Default VFS]/]
- Accepting operation type 64 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #65 (type 65, layer 0)
- Making operation type 65 opaque [module /[Default VFS]/]
- Accepting operation type 65 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #66 (type 66, layer 0)
- Making operation type 66 opaque [module /[Default VFS]/]
- Accepting operation type 66 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #67 (type 67, layer 0)
- Making operation type 67 opaque [module /[Default VFS]/]
- Accepting operation type 67 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #68 (type 68, layer 0)
- Making operation type 68 opaque [module /[Default VFS]/]
- Accepting operation type 68 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #69 (type 69, layer 0)
- Making operation type 69 opaque [module /[Default VFS]/]
- Accepting operation type 69 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #70 (type 70, layer 0)
- Making operation type 70 opaque [module /[Default VFS]/]
- Accepting operation type 70 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #71 (type 71, layer 0)
- Making operation type 71 opaque [module /[Default VFS]/]
- Accepting operation type 71 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #72 (type 72, layer 0)
- Making operation type 72 opaque [module /[Default VFS]/]
- Accepting operation type 72 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #73 (type 73, layer 0)
- Making operation type 73 opaque [module /[Default VFS]/]
- Accepting operation type 73 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #74 (type 74, layer 0)
- Making operation type 74 opaque [module /[Default VFS]/]
- Accepting operation type 74 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #75 (type 75, layer 0)
- Making operation type 75 opaque [module /[Default VFS]/]
- Accepting operation type 75 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #76 (type 76, layer 0)
- Making operation type 76 opaque [module /[Default VFS]/]
- Accepting operation type 76 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #77 (type 77, layer 0)
- Making operation type 77 opaque [module /[Default VFS]/]
- Accepting operation type 77 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #78 (type 78, layer 0)
- Making operation type 78 opaque [module /[Default VFS]/]
- Accepting operation type 78 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #79 (type 79, layer 0)
- Making operation type 79 opaque [module /[Default VFS]/]
- Accepting operation type 79 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #80 (type 80, layer 0)
- Making operation type 80 opaque [module /[Default VFS]/]
- Accepting operation type 80 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #81 (type 81, layer 0)
- Making operation type 81 opaque [module /[Default VFS]/]
- Accepting operation type 81 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #82 (type 82, layer 0)
- Making operation type 82 opaque [module /[Default VFS]/]
- Accepting operation type 82 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #83 (type 83, layer 0)
- Making operation type 83 opaque [module /[Default VFS]/]
- Accepting operation type 83 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #84 (type 84, layer 0)
- Making operation type 84 opaque [module /[Default VFS]/]
- Accepting operation type 84 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #85 (type 85, layer 0)
- Making operation type 85 opaque [module /[Default VFS]/]
- Accepting operation type 85 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #86 (type 86, layer 0)
- Making operation type 86 opaque [module /[Default VFS]/]
- Accepting operation type 86 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #87 (type 87, layer 0)
- Making operation type 87 opaque [module /[Default VFS]/]
- Accepting operation type 87 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #88 (type 88, layer 0)
- Making operation type 88 opaque [module /[Default VFS]/]
- Accepting operation type 88 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #89 (type 89, layer 0)
- Making operation type 89 opaque [module /[Default VFS]/]
- Accepting operation type 89 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #90 (type 90, layer 0)
- Making operation type 90 opaque [module /[Default VFS]/]
- Accepting operation type 90 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #91 (type 91, layer 0)
- Making operation type 91 opaque [module /[Default VFS]/]
- Accepting operation type 91 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #92 (type 92, layer 0)
- Making operation type 92 opaque [module /[Default VFS]/]
- Accepting operation type 92 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #93 (type 93, layer 0)
- Making operation type 93 opaque [module /[Default VFS]/]
- Accepting operation type 93 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #94 (type 94, layer 0)
- Making operation type 94 opaque [module /[Default VFS]/]
- Accepting operation type 94 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #95 (type 95, layer 0)
- Making operation type 95 opaque [module /[Default VFS]/]
- Accepting operation type 95 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #96 (type 96, layer 0)
- Making operation type 96 opaque [module /[Default VFS]/]
- Accepting operation type 96 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #97 (type 97, layer 0)
- Making operation type 97 opaque [module /[Default VFS]/]
- Accepting operation type 97 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #98 (type 98, layer 0)
- Making operation type 98 opaque [module /[Default VFS]/]
- Accepting operation type 98 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #99 (type 99, layer 0)
- Making operation type 99 opaque [module /[Default VFS]/]
- Accepting operation type 99 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #100 (type 100, layer 0)
- Making operation type 100 opaque [module /[Default VFS]/]
- Accepting operation type 100 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #101 (type 101, layer 0)
- Making operation type 101 opaque [module /[Default VFS]/]
- Accepting operation type 101 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
- Checking operation #102 (type 102, layer 0)
- Making operation type 102 opaque [module /[Default VFS]/]
- Accepting operation type 102 from module /[Default VFS]/
- [2010/02/14 20:52:57, 5] smbd/connection.c:claim_connection(142)
- claiming [IPC$]
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x110de70
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] smbd/share_access.c:user_ok_token(231)
- user_ok_token: share IPC$ is ok for unix user nobody
- [2010/02/14 20:52:57, 10] smbd/share_access.c:is_share_read_only_for_token(273)
- is_share_read_only_for_user: share IPC$ is read-only for unix user nobody
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_map_generic(175)
- se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (1) granted.
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(470)
- NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
- contains 4 SIDs
- SID[ 0]: S-1-5-21-2934603361-1946261283-2740193522-501
- SID[ 1]: S-1-1-0
- SID[ 2]: S-1-5-2
- SID[ 3]: S-1-5-32-546
- SE_PRIV 0x0 0x0 0x0 0x0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 65534
- Primary group is 65534 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_user(272)
- change_to_user uid=(0,65534) gid=(0,65534)
- [2010/02/14 20:52:57, 3] smbd/service.c:make_connection_snum(1198)
- hds-virtbox1 (::ffff:192.168.1.183) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 21948)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/reply.c:reply_tcon_and_X(727)
- tconX service=IPC$
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=56
- smb_com=0x75
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=192
- smt_wct=7
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 1 (0x1)
- smb_vwv[ 3]= 511 (0x1FF)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 511 (0x1FF)
- smb_vwv[ 6]= 0 (0x0)
- smb_bcc=7
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 49 50 43 00 00 00 00 IPC....
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 100
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x64
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 4 of length 104 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=100
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=256
- smt_wct=24
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]= 3584 (0xE00)
- smb_vwv[ 3]= 5632 (0x1600)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]=40704 (0x9F00)
- smb_vwv[ 8]= 513 (0x201)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 768 (0x300)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 256 (0x100)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]=16384 (0x4000)
- smb_vwv[20]= 0 (0x0)
- smb_vwv[21]= 512 (0x200)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 768 (0x300)
- smb_bcc=17
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c..
- [010] 00 .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBntcreateX.68.req len 104
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(470)
- NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
- contains 4 SIDs
- SID[ 0]: S-1-5-21-2934603361-1946261283-2740193522-501
- SID[ 1]: S-1-1-0
- SID[ 2]: S-1-5-2
- SID[ 3]: S-1-5-32-546
- SE_PRIV 0x0 0x0 0x0 0x0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 65534
- Primary group is 65534 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_user(272)
- change_to_user uid=(0,65534) gid=(0,65534)
- [2010/02/14 20:52:57, 4] smbd/vfs.c:vfs_ChDir(733)
- vfs_ChDir to /tmp
- [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
- reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc
- [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
- nt_open_pipe: Opening pipe \lsarpc.
- [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
- nt_open_pipe: Known pipe lsarpc opening.
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
- Open pipe requested lsarpc (pipes_open=0)
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
- Create pipe requested lsarpc
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
- init_pipe_handles: created handle list for pipe lsarpc
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
- init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
- Created internal pipe lsarpc (pipes_open=0)
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
- Opened pipe lsarpc with handle 7715 (pipes_open=1)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 6C73617270632F32313934382F333034383500
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x10ba6a0
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 6C73617270632F32313934382F333034383500
- [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
- do_ntcreate_pipe_open: open pipe = \lsarpc
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=135
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=256
- smt_wct=42
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 5376 (0x1500)
- smb_vwv[ 3]= 375 (0x177)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 0 (0x0)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 0 (0x0)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]= 0 (0x0)
- smb_vwv[20]= 0 (0x0)
- smb_vwv[21]=32768 (0x8000)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 0 (0x0)
- smb_vwv[24]= 0 (0x0)
- smb_vwv[25]= 0 (0x0)
- smb_vwv[26]= 0 (0x0)
- smb_vwv[27]= 0 (0x0)
- smb_vwv[28]= 0 (0x0)
- smb_vwv[29]= 0 (0x0)
- smb_vwv[30]= 0 (0x0)
- smb_vwv[31]= 512 (0x200)
- smb_vwv[32]=65280 (0xFF00)
- smb_vwv[33]= 5 (0x5)
- smb_vwv[34]= 0 (0x0)
- smb_vwv[35]= 0 (0x0)
- smb_vwv[36]= 0 (0x0)
- smb_vwv[37]= 0 (0x0)
- smb_vwv[38]= 0 (0x0)
- smb_vwv[39]= 0 (0x0)
- smb_vwv[40]= 0 (0x0)
- smb_vwv[41]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 136
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x88
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 5 of length 140 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=136
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=320
- smt_wct=14
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30485 (0x7715)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]=65535 (0xFFFF)
- smb_vwv[ 6]=65535 (0xFFFF)
- smb_vwv[ 7]= 8 (0x8)
- smb_vwv[ 8]= 72 (0x48)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 72 (0x48)
- smb_vwv[11]= 64 (0x40)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_bcc=73
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
- [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
- [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg.
- [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
- [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBwriteX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBwriteX.68.req len 140
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7715 name: lsarpc open: Yes len: 72
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
- [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
- [020] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
- [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
- [040] 2B 10 48 60 02 00 00 00 +.H`....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0b
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 11, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 11
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
- api_pipe_bind_req: decode request. 1553
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
- api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_rb
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 00000000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0008 num_contexts: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000c context_id : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 000e num_transfer_syntaxes: 01
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 00000f smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 data : 12345778
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 data : 1234
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0016 data : abcd
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 0018 data : ef 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 001a data : 01 23 45 67 89 ab
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0020 version: 00000000
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0024 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0028 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 002a data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002c data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002e data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0034 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
- api_pipe_bind_req: make response. 1608
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
- check_bind_req for \PIPE\lsarpc
- checking \PIPE\lsarpc
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_ba
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 000053f0
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000008 smb_io_rpc_addr_str
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 len: 000d
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 000a str: \PIPE\lsarpc.
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000017 smb_io_rpc_results
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0018 num_results: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 001c result : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 001e reason : 0000
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000020 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000020 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0020 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0024 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0026 data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 0028 data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002a data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0030 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0044
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 56
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
- writeX-IPC pnum=7715 nwritten=72
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=47
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=320
- smt_wct=6
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 72 (0x48)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 59
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x3b
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 6 of length 63 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=59
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=384
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30485 (0x7715)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 1024 (0x400)
- smb_vwv[ 6]= 1024 (0x400)
- smb_vwv[ 7]=65535 (0xFFFF)
- smb_vwv[ 8]=65535 (0xFFFF)
- smb_vwv[ 9]= 1024 (0x400)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBreadX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBreadX.68.req len 63
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7715 name: lsarpc len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
- read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes.
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
- readX-IPC pnum=7715 min=1024 max=1024 nread=68
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=127
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=384
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 68 (0x44)
- smb_vwv[ 6]= 59 (0x3B)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=68
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D.......
- [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
- [020] 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 00 lsarpc.. ........
- [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
- [040] 02 00 00 00 ....
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 176
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0xb0
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 7 of length 180 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=176
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=448
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 92 (0x5C)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 92 (0x5C)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30485 (0x7715)
- smb_bcc=109
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\......
- [020] 00 44 00 00 00 00 00 2C 00 00 00 02 00 0C 00 00 .D....., ........
- [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 ........ .\.\.H.D
- [040] 00 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 .S.-.L.I .N.U.X..
- [050] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [060] 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ .....
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=92 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "lsarpc" (pnum 7715)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7715 name: lsarpc open: Yes len: 92
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 5C 00 00 00 01 00 00 00 ........ \.......
- [010] 44 00 00 00 00 00 2C 00 00 00 02 00 0C 00 00 00 D.....,. ........
- [020] 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 00 ........ \.\.H.D.
- [030] 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 00 S.-.L.I. N.U.X...
- [040] 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [050] 00 00 00 00 00 00 00 00 00 00 00 02 ........ ....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 92
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 76
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 005c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 76
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000044
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 002c
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 74
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\lsarpc
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: lsarpc op 0x2c - created /tmp/in_lsarpc_44.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: LSA_OPENPOLICY2
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[44].fn == 0x4dd620
- lsa_OpenPolicy2: struct lsa_OpenPolicy2
- in: struct lsa_OpenPolicy2
- system_name : *
- system_name : '\\HDS-LINUX'
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : NULL
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
- Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- lsa_OpenPolicy2: struct lsa_OpenPolicy2
- out: struct lsa_OpenPolicy2
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-784b-a962bc550000
- result : NT_STATUS_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_lsarpc_44.18.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called lsarpc successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 852
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 76
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7715 name: lsarpc len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000018
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=448
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 48 (0x30)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 48 (0x30)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=49
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0......
- [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........
- [020] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 00 00 00 .....xK. b.U.....
- [030] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 130
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x82
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 8 of length 134 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=130
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=512
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 46 (0x2E)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 46 (0x2E)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30485 (0x7715)
- smb_bcc=63
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........
- [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 0C 00 .....xK. b.U....
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=46 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "lsarpc" (pnum 7715)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7715 name: lsarpc open: Yes len: 46
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 00 ........ ........
- [010] 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 ........ ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 0C 00 ....xK.b .U....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 46
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 30
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 002e
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000002
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 30
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000016
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 002e
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\lsarpc
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: lsarpc op 0x2e - created /tmp/in_lsarpc_46.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[46].fn == 0x4dd198
- lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
- in: struct lsa_QueryInfoPolicy2
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-784b-a962bc550000
- level : LSA_POLICY_INFO_DNS (12)
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2339)
- api_rpcTNP: rng fault return
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 23
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0020
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000002
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000018 smb_io_rpc_hdr_fault fault
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807)
- 0018 status : DCERPC_FAULT_OP_RNG_ERROR
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 001c reserved: 00000000
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 30
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7715 name: lsarpc len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
- read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes.
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..32] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=88
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=512
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 32 (0x20)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 32 (0x20)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=33
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ......
- [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........
- [020] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 130
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x82
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 9 of length 134 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=130
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=576
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 46 (0x2E)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 46 (0x2E)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30485 (0x7715)
- smb_bcc=63
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........
- [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 03 00 .....xK. b.U....
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=46 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "lsarpc" (pnum 7715)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7715 name: lsarpc open: Yes len: 46
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 ........ ........
- [010] 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 ........ ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 03 00 ....xK.b .U....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 46
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 30
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 002e
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000003
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 30
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000016
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0007
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\lsarpc
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: lsarpc op 0x7 - created /tmp/in_lsarpc_7.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[7].fn == 0x4e2868
- lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
- in: struct lsa_QueryInfoPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-784b-a962bc550000
- level : LSA_POLICY_INFO_DOMAIN (3)
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
- out: struct lsa_QueryInfoPolicy
- info : *
- info : *
- info : union lsa_PolicyInformation(case 3)
- domain: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : 'SEMARKIT'
- sid : *
- sid : S-1-5-21-2934603361-1946261283-2740193522
- result : NT_STATUS_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_lsarpc_7.18.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called lsarpc successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 140
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 30
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7715 name: lsarpc len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0068
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000003
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000050
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..104] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=160
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=576
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 104 (0x68)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 104 (0x68)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=105
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h......
- [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .P...... ........
- [020] 00 10 00 12 00 04 00 02 00 08 00 02 00 09 00 00 ........ ........
- [030] 00 00 00 00 00 08 00 00 00 53 00 45 00 4D 00 41 ........ .S.E.M.A
- [040] 00 52 00 4B 00 49 00 54 00 04 00 00 00 01 04 00 .R.K.I.T ........
- [050] 00 00 00 00 05 15 00 00 00 61 7E EA AE 23 97 01 ........ .a~..#..
- [060] 74 F2 08 54 A3 00 00 00 00 t..T.... .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 100
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x64
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 10 of length 104 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=100
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=640
- smt_wct=24
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]= 3584 (0xE00)
- smb_vwv[ 3]= 5632 (0x1600)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]=40704 (0x9F00)
- smb_vwv[ 8]= 513 (0x201)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 768 (0x300)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 256 (0x100)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]=16384 (0x4000)
- smb_vwv[20]= 0 (0x0)
- smb_vwv[21]= 512 (0x200)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 768 (0x300)
- smb_bcc=17
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g..
- [010] 00 .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBntcreateX.69.req len 104
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
- reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = winreg
- [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
- nt_open_pipe: Opening pipe \winreg.
- [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
- nt_open_pipe: Known pipe winreg opening.
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
- Open pipe requested winreg (pipes_open=1)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
- open_rpc_pipe_p: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
- Create pipe requested winreg
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
- init_pipe_handles: created handle list for pipe winreg
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
- init_pipe_handles: pipe_handles ref count = 1 for pipe winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
- Created internal pipe winreg (pipes_open=1)
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
- Opened pipe winreg with handle 7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name winreg pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 77696E7265672F32313934382F333034383600
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x1109230
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 77696E7265672F32313934382F333034383600
- [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
- do_ntcreate_pipe_open: open pipe = \winreg
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=135
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=640
- smt_wct=42
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 5632 (0x1600)
- smb_vwv[ 3]= 375 (0x177)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 0 (0x0)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 0 (0x0)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]= 0 (0x0)
- smb_vwv[20]= 0 (0x0)
- smb_vwv[21]=32768 (0x8000)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 0 (0x0)
- smb_vwv[24]= 0 (0x0)
- smb_vwv[25]= 0 (0x0)
- smb_vwv[26]= 0 (0x0)
- smb_vwv[27]= 0 (0x0)
- smb_vwv[28]= 0 (0x0)
- smb_vwv[29]= 0 (0x0)
- smb_vwv[30]= 0 (0x0)
- smb_vwv[31]= 512 (0x200)
- smb_vwv[32]=65280 (0xFF00)
- smb_vwv[33]= 5 (0x5)
- smb_vwv[34]= 0 (0x0)
- smb_vwv[35]= 0 (0x0)
- smb_vwv[36]= 0 (0x0)
- smb_vwv[37]= 0 (0x0)
- smb_vwv[38]= 0 (0x0)
- smb_vwv[39]= 0 (0x0)
- smb_vwv[40]= 0 (0x0)
- smb_vwv[41]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 136
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x88
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 11 of length 140 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=136
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=704
- smt_wct=14
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30486 (0x7716)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]=65535 (0xFFFF)
- smb_vwv[ 6]=65535 (0xFFFF)
- smb_vwv[ 7]= 8 (0x8)
- smb_vwv[ 8]= 72 (0x48)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 72 (0x48)
- smb_vwv[11]= 64 (0x40)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_bcc=73
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
- [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
- [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8..
- [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
- [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBwriteX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBwriteX.69.req len 140
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7716 name: winreg open: Yes len: 72
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
- [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
- [020] 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 03 ...3D".1 ....8...
- [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
- [040] 2B 10 48 60 02 00 00 00 +.H`....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0b
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 11, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 11
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
- api_pipe_bind_req: decode request. 1553
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
- api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_rb
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 00000000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0008 num_contexts: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000c context_id : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 000e num_transfer_syntaxes: 01
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 00000f smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 data : 338cd001
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 data : 2244
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0016 data : 31f1
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 0018 data : aa aa
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 001a data : 90 00 38 00 10 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0020 version: 00000001
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0024 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0028 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 002a data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002c data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002e data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0034 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
- api_pipe_bind_req: make response. 1608
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
- check_bind_req for \PIPE\winreg
- checking \PIPE\lsarpc
- checking \PIPE\lsarpc
- checking \PIPE\samr
- checking \PIPE\NETLOGON
- checking \PIPE\srvsvc
- checking \PIPE\wkssvc
- checking \PIPE\winreg
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_ba
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 000053f0
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000008 smb_io_rpc_addr_str
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 len: 000d
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 000a str: \PIPE\winreg.
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000017 smb_io_rpc_results
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0018 num_results: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 001c result : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 001e reason : 0000
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000020 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000020 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0020 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0024 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0026 data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 0028 data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002a data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0030 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0044
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 56
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
- writeX-IPC pnum=7716 nwritten=72
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=47
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=704
- smt_wct=6
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 72 (0x48)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 59
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x3b
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 12 of length 63 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=59
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=768
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30486 (0x7716)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 1024 (0x400)
- smb_vwv[ 6]= 1024 (0x400)
- smb_vwv[ 7]=65535 (0xFFFF)
- smb_vwv[ 8]=65535 (0xFFFF)
- smb_vwv[ 9]= 1024 (0x400)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBreadX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBreadX.69.req len 63
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7716 name: winreg len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
- read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes.
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
- readX-IPC pnum=7716 min=1024 max=1024 nread=68
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=127
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=768
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 68 (0x44)
- smb_vwv[ 6]= 59 (0x3B)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=68
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D.......
- [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
- [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........
- [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
- [040] 02 00 00 00 ....
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 120
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x78
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 13 of length 124 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=120
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=832
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 36 (0x24)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 36 (0x24)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30486 (0x7716)
- smb_bcc=53
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$......
- [020] 00 0C 00 00 00 00 00 02 00 00 00 02 00 30 C9 01 ........ .....0..
- [030] 00 00 00 00 02 .....
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=36 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "winreg" (pnum 7716)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x11090b0 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7716 name: winreg open: Yes len: 36
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 00 ........ $.......
- [010] 0C 00 00 00 00 00 02 00 00 00 02 00 30 C9 01 00 ........ ....0...
- [020] 00 00 00 02 ....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 36
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 20
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0024
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 20
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 0000000c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0002
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 74
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: winreg op 0x2 - created /tmp/in_winreg_2.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: WINREG_OPENHKLM
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[2].fn == 0x4e8140
- winreg_OpenHKLM: struct winreg_OpenHKLM
- in: struct winreg_OpenHKLM
- system_name : *
- system_name : 0xc930 (51504)
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
- regkey_open_onelevel: name = [HKLM]
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(100) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(409)
- regdb_open: refcount reset (1)
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
- reghook_cache_find: Searching for keyname [/HKLM]
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
- pathtree_find: Enter [/HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [HKLM], new_path => []
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKPT]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
- pathtree_find: Found data_p!
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
- pathtree_find: Exit
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
- reghook_cache_find: found ops 0xb89e00 for key [/HKLM]
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
- regdb_fetch_keys: Enter key => [HKLM]
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(d, 20) -> 4
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 16) -> 9
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 7) -> 7
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
- regdb_fetch_keys: Exit [2] items
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
- regdb_get_secdesc: Getting secdesc of key [HKLM]
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
- Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- winreg_OpenHKLM: struct winreg_OpenHKLM
- out: struct winreg_OpenHKLM
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-784b-a962bc550000
- result : WERR_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_winreg_2.18.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called winreg successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 20
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7716 name: winreg len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000018
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=832
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 48 (0x30)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 48 (0x30)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=49
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0......
- [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........
- [020] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 00 00 00 .....xK. b.U.....
- [030] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 268
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x10c
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 14 of length 272 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=268
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=896
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 184 (0xB8)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 184 (0xB8)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30486 (0x7716)
- smb_bcc=201
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........
- [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 6E 00 6E .....xK. b.U..n.n
- [040] 00 00 00 02 00 37 00 00 00 00 00 00 00 37 00 00 .....7.. .....7..
- [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C
- [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o
- [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t
- [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e
- [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g
- [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m
- [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 .e.t.e.r .s.\....
- [0C0] 00 00 00 00 00 19 00 02 00 ........ .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=184 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "winreg" (pnum 7716)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x11090b0 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7716 name: winreg open: Yes len: 184
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 00 ........ ........
- [010] A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 00 ........ ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 6E 00 6E 00 ....xK.b .U..n.n.
- [030] 00 00 02 00 37 00 00 00 00 00 00 00 37 00 00 00 ....7... ....7...
- [040] 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 00 S.y.s.t. e.m.\.C.
- [050] 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F 00 u.r.r.e. n.t.C.o.
- [060] 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 00 n.t.r.o. l.S.e.t.
- [070] 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 00 \.s.e.r. v.i.c.e.
- [080] 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 00 s.\.N.e. t.l.o.g.
- [090] 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D 00 o.n.\.p. a.r.a.m.
- [0A0] 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 00 e.t.e.r. s.\.....
- [0B0] 00 00 00 00 19 00 02 00 ........
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 184
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 168
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 00b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000002
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 168
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 000000a0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 000f
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: winreg op 0xf - created /tmp/in_winreg_15.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: WINREG_OPENKEY
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[15].fn == 0x4e64c0
- winreg_OpenKey: struct winreg_OpenKey
- in: struct winreg_OpenKey
- parent_handle : *
- parent_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-784b-a962bc550000
- keyname: struct winreg_String
- name_len : 0x006e (110)
- name_size : 0x006e (110)
- name : *
- name : 'System\CurrentControlSet\services\Netlogon\parameters\'
- unknown : 0x00000000 (0)
- access_mask : 0x00020019 (131097)
- 1: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 1: KEY_ENUMERATE_SUB_KEYS
- 1: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
- regkey_open_onelevel: name = [System]
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
- regdb_open: incrementing refcount (1)
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
- reghook_cache_find: Searching for keyname [/HKLM/System]
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
- pathtree_find: Enter [/HKLM/System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [HKLM], new_path => [System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKPT]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [System], new_path => []
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SOFTWARE]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SYSTEM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
- pathtree_find: Found data_p!
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
- pathtree_find: Exit
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
- reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System]
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
- regdb_fetch_keys: Enter key => [HKLM\System]
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(d, 22) -> 4
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 18) -> 18
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
- regdb_fetch_keys: Exit [1] items
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
- regdb_get_secdesc: Getting secdesc of key [HKLM\System]
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (8) granted.
- [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
- regdb_open: incrementing refcount (2)
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
- reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet]
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
- pathtree_find: Enter [/HKLM/System/CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKPT]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [System], new_path => [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SOFTWARE]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SYSTEM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [CurrentControlSet], new_path => []
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
- pathtree_find: Found data_p!
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
- pathtree_find: Exit
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
- reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet]
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
- regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet]
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(d, 21) -> 4
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 17) -> 8
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 9) -> 9
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
- regdb_fetch_keys: Exit [2] items
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
- regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet]
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (8) granted.
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
- regdb_close: decrementing refcount (2)
- [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
- regkey_open_onelevel: name = [services]
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
- regdb_open: incrementing refcount (2)
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
- reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services]
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
- pathtree_find: Enter [/HKLM/System/CurrentControlSet/services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKPT]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SOFTWARE]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SYSTEM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [CurrentControlSet], new_path => [services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [services], new_path => []
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Control]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
- pathtree_find: Found data_p!
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
- pathtree_find: Exit
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
- reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet/services]
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
- regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services]
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(d, 69) -> 4
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 65) -> 13
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 52) -> 9
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 43) -> 6
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 37) -> 9
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 28) -> 8
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 20) -> 15
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 5) -> 5
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
- regdb_fetch_keys: Exit [7] items
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
- regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet\services]
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (8) granted.
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
- regdb_close: decrementing refcount (2)
- [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
- regkey_open_onelevel: name = [Netlogon]
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
- regdb_open: incrementing refcount (2)
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
- reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon]
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
- pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services/Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKPT]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services/Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SOFTWARE]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SYSTEM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [CurrentControlSet], new_path => [services/Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [services], new_path => [Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Control]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [Netlogon], new_path => []
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [LanmanServer]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Tcpip]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
- pathtree_find: Found data_p!
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
- pathtree_find: Exit
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
- reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet/services/Netlogon]
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
- regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon]
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(d, 24) -> 4
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 20) -> 11
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(f, 9) -> 9
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
- regdb_fetch_keys: Exit [2] items
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
- regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet\services\Netlogon]
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (8) granted.
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
- regdb_close: decrementing refcount (2)
- [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
- regkey_open_onelevel: name = [parameters]
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
- regdb_open: incrementing refcount (2)
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
- reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
- pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services/Netlogon/parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [HKPT]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [HKLM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services/Netlogon/parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SOFTWARE]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [SYSTEM]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [System]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [CurrentControlSet], new_path => [services/Netlogon/parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [CurrentControlSet]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [services], new_path => [Netlogon/parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Control]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [services]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [Netlogon], new_path => [parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [LanmanServer]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Tcpip]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [Netlogon]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
- pathtree_find: [loop] base => [parameters], new_path => []
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
- pathtree_find_child: child key => [Parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
- pathtree_find_child: Found [parameters]
- [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
- pathtree_find: Found data_p!
- [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
- pathtree_find: Exit
- [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
- reghook_cache_find: found ops 0xb8b280 for key [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
- regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon\parameters]
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(d, 4) -> 4
- [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
- regdb_fetch_keys: Exit [0] items
- [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
- se_access_check: requested access 0x00020019, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
- [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
- se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
- se_access_check: also S-1-1-0
- se_access_check: also S-1-5-2
- se_access_check: also S-1-5-32-546
- se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019
- [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
- se_access_check: access (20019) granted.
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
- regdb_close: decrementing refcount (2)
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
- Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- winreg_OpenKey: struct winreg_OpenKey
- out: struct winreg_OpenKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-784b-a962bc550000
- result : WERR_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_winreg_15.18.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called winreg successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 168
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7716 name: winreg len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000002
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000018
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=896
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 48 (0x30)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 48 (0x30)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=49
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0......
- [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........
- [020] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 00 00 00 .....xK. b.U.....
- [030] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 232
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0xe8
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 15 of length 236 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=232
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=960
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 148 (0x94)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 148 (0x94)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30486 (0x7716)
- smb_bcc=165
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........
- [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 2A 00 2A .....xK. b.U..*.*
- [040] 00 00 00 02 00 15 00 00 00 00 00 00 00 15 00 00 ........ ........
- [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a
- [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h
- [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 04 00 02 .a.n.g.e ...S....
- [080] 00 94 F5 F8 01 08 00 02 00 04 00 00 00 00 00 00 ........ ........
- [090] 00 00 00 00 00 0C 00 02 00 04 00 00 00 10 00 02 ........ ........
- [0A0] 00 00 00 00 00 .....
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=148 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "winreg" (pnum 7716)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x11090b0 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7716 name: winreg open: Yes len: 148
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 00 ........ ........
- [010] 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 00 |....... ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 2A 00 2A 00 ....xK.b .U..*.*.
- [030] 00 00 02 00 15 00 00 00 00 00 00 00 15 00 00 00 ........ ........
- [040] 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 00 R.e.f.u. s.e.P.a.
- [050] 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 00 s.s.w.o. r.d.C.h.
- [060] 61 00 6E 00 67 00 65 00 00 00 53 00 04 00 02 00 a.n.g.e. ..S.....
- [070] 94 F5 F8 01 08 00 02 00 04 00 00 00 00 00 00 00 ........ ........
- [080] 00 00 00 00 0C 00 02 00 04 00 00 00 10 00 02 00 ........ ........
- [090] 00 00 00 00 ....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 148
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 132
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0094
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000003
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 132
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 0000007c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0011
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: winreg op 0x11 - created /tmp/in_winreg_17.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: WINREG_QUERYVALUE
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[17].fn == 0x4e5ec8
- winreg_QueryValue: struct winreg_QueryValue
- in: struct winreg_QueryValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-784b-a962bc550000
- value_name : *
- value_name: struct winreg_String
- name_len : 0x002a (42)
- name_size : 0x002a (42)
- name : *
- name : 'RefusePasswordChange'
- type : *
- type : UNKNOWN_ENUM_VALUE (33093012)
- data : *
- data: ARRAY(0)
- data_size : *
- data_size : 0x00000004 (4)
- value_length : *
- value_length : 0x00000000 (0)
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 7] rpc_server/srv_winreg_nt.c:_winreg_QueryValue(239)
- _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters]
- [2010/02/14 20:52:57, 7] rpc_server/srv_winreg_nt.c:_winreg_QueryValue(240)
- _reg_info: policy key type = [00000000]
- [2010/02/14 20:52:57, 10] registry/reg_dispatcher.c:fetch_reg_values(131)
- fetch_reg_values called for key 'HKLM\System\CurrentControlSet\services\Netlogon\parameters' (ops 0xb8b280)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(100) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
- Cache entry with key = ACCT_POL/refuse machine password change couldn't be found
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
- ldapsam_get_account_policy_from_ldap
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
- ldapsam_get_account_policy: failed to retrieve from ldap
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
- ldapsam_set_account_policy_in_ldap
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_modify(1402)
- smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
- cache_account_policy_set: updating account pol cache
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
- Adding cache entry with key = ACCT_POL/refuse machine password change; value = 0
- and timeout = Sun Feb 14 20:53:57 2010
- (60 seconds ahead)
- [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
- cache_account_policy_set: updating account pol cache
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
- Adding cache entry with key = ACCT_POL/refuse machine password change; value = 0
- and timeout = Sun Feb 14 20:53:57 2010
- (60 seconds ahead)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
- winreg_QueryValue: struct winreg_QueryValue
- out: struct winreg_QueryValue
- type : *
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x00 (0)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- data_size : *
- data_size : 0x00000004 (4)
- value_length : *
- value_length : 0x00000004 (4)
- result : WERR_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_winreg_17.18.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called winreg successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 36
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 132
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7716 name: winreg len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000003
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..72] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=128
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=960
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 72 (0x48)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 72 (0x48)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=73
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H......
- [010] 00 30 00 00 00 00 00 00 00 00 00 02 00 04 00 00 .0...... ........
- [020] 00 04 00 02 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........
- [030] 00 00 00 00 00 08 00 02 00 04 00 00 00 0C 00 02 ........ ........
- [040] 00 04 00 00 00 00 00 00 00 ........ .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 128
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x80
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 16 of length 132 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=128
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1024
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 44 (0x2C)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 44 (0x2C)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30486 (0x7716)
- smb_bcc=61
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,......
- [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 .....xK. b.U..
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=44 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "winreg" (pnum 7716)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x11090b0 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7716 name: winreg open: Yes len: 44
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 ........ ,.......
- [010] 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 00 ........ ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 ....xK.b .U..
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 44
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 002c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000004
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000014
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0005
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: winreg op 0x5 - created /tmp/in_winreg_5.35.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: WINREG_CLOSEKEY
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[5].fn == 0x4e7a78
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-784b-a962bc550000
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
- Closed policy
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
- regdb_close: decrementing refcount (1)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_winreg_5.35.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called winreg successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 28
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7716 name: winreg len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000004
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000018
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1024
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 48 (0x30)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 48 (0x30)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=49
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
- [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [030] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 128
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x80
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 17 of length 132 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=128
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1088
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 44 (0x2C)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 44 (0x2C)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30486 (0x7716)
- smb_bcc=61
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,......
- [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 .....xK. b.U..
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=44 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "winreg" (pnum 7716)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x11090b0 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7716 name: winreg open: Yes len: 44
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 00 ........ ,.......
- [010] 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 00 ........ ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 ....xK.b .U..
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 44
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 002c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000005
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000014
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0005
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: winreg op 0x5 - created /tmp/in_winreg_5.36.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: WINREG_CLOSEKEY
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[5].fn == 0x4e7a78
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-784b-a962bc550000
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
- Closed policy
- [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
- regdb_close: decrementing refcount (0)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_winreg_5.36.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called winreg successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 28
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7716 name: winreg len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000005
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000018
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1088
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 48 (0x30)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 48 (0x30)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=49
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0......
- [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [030] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 41
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x29
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 18 of length 45 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=41
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1152
- smt_wct=3
- smb_vwv[ 0]=30486 (0x7716)
- smb_vwv[ 1]=65535 (0xFFFF)
- smb_vwv[ 2]=65535 (0xFFFF)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBclose (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBclose.68.req len 45
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7716
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name winreg pnum=7716 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
- reply_pipe_close: pnum:7716
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
- close_policy_by_pipe: deleted handle list for pipe winreg
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
- closed pipe name winreg pnum=7716 (pipes_open=1)
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 77696E7265672F32313934382F333034383600
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x10fed00
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 77696E7265672F32313934382F333034383600
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1152
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 104
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x68
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 19 of length 108 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1216
- smt_wct=24
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]= 4608 (0x1200)
- smb_vwv[ 3]= 5632 (0x1600)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]=40704 (0x9F00)
- smb_vwv[ 8]= 513 (0x201)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 768 (0x300)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 256 (0x100)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]=16384 (0x4000)
- smb_vwv[20]=16384 (0x4000)
- smb_vwv[21]= 512 (0x200)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 256 (0x100)
- smb_bcc=21
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O
- [010] 00 4E 00 00 00 .N...
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBntcreateX.70.req len 108
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
- reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON
- [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
- nt_open_pipe: Opening pipe \NETLOGON.
- [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
- nt_open_pipe: Known pipe NETLOGON opening.
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
- Open pipe requested NETLOGON (pipes_open=1)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
- open_rpc_pipe_p: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
- Create pipe requested NETLOGON
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
- init_pipe_handles: created handle list for pipe NETLOGON
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
- init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
- Created internal pipe NETLOGON (pipes_open=1)
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
- Opened pipe NETLOGON with handle 7717 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name NETLOGON pnum=7717
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 4E45544C4F474F4E2F32313934382F333034383700
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x111f1b0
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 4E45544C4F474F4E2F32313934382F333034383700
- [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
- do_ntcreate_pipe_open: open pipe = \NETLOGON
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=135
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1216
- smt_wct=42
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 5888 (0x1700)
- smb_vwv[ 3]= 375 (0x177)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 0 (0x0)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 0 (0x0)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]= 0 (0x0)
- smb_vwv[20]= 0 (0x0)
- smb_vwv[21]=32768 (0x8000)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 0 (0x0)
- smb_vwv[24]= 0 (0x0)
- smb_vwv[25]= 0 (0x0)
- smb_vwv[26]= 0 (0x0)
- smb_vwv[27]= 0 (0x0)
- smb_vwv[28]= 0 (0x0)
- smb_vwv[29]= 0 (0x0)
- smb_vwv[30]= 0 (0x0)
- smb_vwv[31]= 512 (0x200)
- smb_vwv[32]=65280 (0xFF00)
- smb_vwv[33]= 5 (0x5)
- smb_vwv[34]= 0 (0x0)
- smb_vwv[35]= 0 (0x0)
- smb_vwv[36]= 0 (0x0)
- smb_vwv[37]= 0 (0x0)
- smb_vwv[38]= 0 (0x0)
- smb_vwv[39]= 0 (0x0)
- smb_vwv[40]= 0 (0x0)
- smb_vwv[41]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 136
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x88
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 20 of length 140 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=136
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1280
- smt_wct=14
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30487 (0x7717)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]=65535 (0xFFFF)
- smb_vwv[ 6]=65535 (0xFFFF)
- smb_vwv[ 7]= 8 (0x8)
- smb_vwv[ 8]= 72 (0x48)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 72 (0x48)
- smb_vwv[11]= 64 (0x40)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_bcc=73
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
- [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
- [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg.
- [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
- [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBwriteX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBwriteX.70.req len 140
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7717
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7717 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7717 name: NETLOGON open: Yes len: 72
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
- [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
- [020] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg..
- [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
- [040] 2B 10 48 60 02 00 00 00 +.H`....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0b
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 11, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 11
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
- api_pipe_bind_req: decode request. 1553
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
- api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_rb
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 00000000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0008 num_contexts: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000c context_id : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 000e num_transfer_syntaxes: 01
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 00000f smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 data : 12345678
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 data : 1234
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0016 data : abcd
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 0018 data : ef 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 001a data : 01 23 45 67 cf fb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0020 version: 00000001
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0024 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0028 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 002a data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002c data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002e data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0034 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
- api_pipe_bind_req: make response. 1608
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
- check_bind_req for \PIPE\NETLOGON
- checking \PIPE\lsarpc
- checking \PIPE\lsarpc
- checking \PIPE\samr
- checking \PIPE\NETLOGON
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_ba
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 000053f0
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000008 smb_io_rpc_addr_str
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 len: 000f
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 000a str: \PIPE\netlogon.
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000019 smb_io_rpc_results
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 001c num_results: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0020 result : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0022 reason : 0000
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0024 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0028 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 002a data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002c data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002e data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0034 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 56
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
- writeX-IPC pnum=7717 nwritten=72
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=47
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1280
- smt_wct=6
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 72 (0x48)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 59
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x3b
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 21 of length 63 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=59
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1344
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30487 (0x7717)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 1024 (0x400)
- smb_vwv[ 6]= 1024 (0x400)
- smb_vwv[ 7]=65535 (0xFFFF)
- smb_vwv[ 8]=65535 (0xFFFF)
- smb_vwv[ 9]= 1024 (0x400)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBreadX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBreadX.70.req len 63
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7717
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7717 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7717 name: NETLOGON len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
- read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes.
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
- readX-IPC pnum=7717 min=1024 max=1024 nread=72
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=131
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1344
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 72 (0x48)
- smb_vwv[ 6]= 59 (0x3B)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=72
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 05 00 0C 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
- [010] B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
- [020] 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 00 netlogon ........
- [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
- [040] 2B 10 48 60 02 00 00 00 +.H`....
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 194
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0xc2
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 22 of length 198 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=194
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1408
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 110 (0x6E)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 110 (0x6E)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30487 (0x7717)
- smb_bcc=127
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 6E 00 00 00 01 00 00 ........ .n......
- [020] 00 56 00 00 00 00 00 04 00 00 00 02 00 0C 00 00 .V...... ........
- [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 ........ .\.\.H.D
- [040] 00 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 .S.-.L.I .N.U.X..
- [050] 00 0D 00 00 00 00 00 00 00 0D 00 00 00 48 00 44 ........ .....H.D
- [060] 00 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F .S.-.V.I .R.T.B.O
- [070] 00 58 00 31 00 00 00 91 EB 96 8E 75 4D E0 91 .X.1.... ...uM..
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=110 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7717
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7717 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "NETLOGON" (pnum 7717)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x111ef10 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7717 name: NETLOGON open: Yes len: 110
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 6E 00 00 00 01 00 00 00 ........ n.......
- [010] 56 00 00 00 00 00 04 00 00 00 02 00 0C 00 00 00 V....... ........
- [020] 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 00 ........ \.\.H.D.
- [030] 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 00 S.-.L.I. N.U.X...
- [040] 0D 00 00 00 00 00 00 00 0D 00 00 00 48 00 44 00 ........ ....H.D.
- [050] 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F 00 S.-.V.I. R.T.B.O.
- [060] 58 00 31 00 00 00 91 EB 96 8E 75 4D E0 91 X.1..... ..uM..
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 110
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 110
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 110, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 94
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 94
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 006e
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 94
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 94, incoming data = 94
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000056
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0004
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 76
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\NETLOGON
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: NETLOGON op 0x4 - created /tmp/in_NETLOGON_4.17.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[4].fn == 0x5083d8
- netr_ServerReqChallenge: struct netr_ServerReqChallenge
- in: struct netr_ServerReqChallenge
- server_name : *
- server_name : '\\HDS-LINUX'
- computer_name : 'HDS-VIRTBOX1'
- credentials : *
- credentials: struct netr_Credential
- data : 91eb968e754de091
- [2010/02/14 20:52:57, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41)
- init_net_r_req_chal: 41
- netr_ServerReqChallenge: struct netr_ServerReqChallenge
- out: struct netr_ServerReqChallenge
- return_credentials : *
- return_credentials: struct netr_Credential
- data : 0e180ab05334a0ce
- result : NT_STATUS_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_NETLOGON_4.17.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called NETLOGON successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 94
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7717 name: NETLOGON len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0024
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 0000000c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..36] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=92
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1408
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 36 (0x24)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 36 (0x24)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=37
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$......
- [010] 00 0C 00 00 00 00 00 00 00 0E 18 0A B0 53 34 A0 ........ .....S4.
- [020] CE 00 00 00 00 .....
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 41
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x29
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 23 of length 45 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=41
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1472
- smt_wct=3
- smb_vwv[ 0]=30487 (0x7717)
- smb_vwv[ 1]=65535 (0xFFFF)
- smb_vwv[ 2]=65535 (0xFFFF)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBclose (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBclose.69.req len 45
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7717
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7717 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
- reply_pipe_close: pnum:7717
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
- close_policy_by_pipe: deleted handle list for pipe NETLOGON
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
- closed pipe name NETLOGON pnum=7717 (pipes_open=1)
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 4E45544C4F474F4E2F32313934382F333034383700
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x111d6d0
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 4E45544C4F474F4E2F32313934382F333034383700
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1472
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 104
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x68
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 24 of length 108 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1536
- smt_wct=24
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]= 4608 (0x1200)
- smb_vwv[ 3]= 5632 (0x1600)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]=40704 (0x9F00)
- smb_vwv[ 8]= 513 (0x201)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 768 (0x300)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 256 (0x100)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]=16384 (0x4000)
- smb_vwv[20]=16384 (0x4000)
- smb_vwv[21]= 512 (0x200)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 256 (0x100)
- smb_bcc=21
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O
- [010] 00 4E 00 00 00 .N...
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBntcreateX.71.req len 108
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
- reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON
- [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
- nt_open_pipe: Opening pipe \NETLOGON.
- [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
- nt_open_pipe: Known pipe NETLOGON opening.
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
- Open pipe requested NETLOGON (pipes_open=1)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
- open_rpc_pipe_p: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
- Create pipe requested NETLOGON
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
- init_pipe_handles: created handle list for pipe NETLOGON
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
- init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
- Created internal pipe NETLOGON (pipes_open=1)
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
- Opened pipe NETLOGON with handle 7718 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name NETLOGON pnum=7718
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
- open pipes: name lsarpc pnum=7715
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 4E45544C4F474F4E2F32313934382F333034383800
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x111d6d0
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 4E45544C4F474F4E2F32313934382F333034383800
- [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
- do_ntcreate_pipe_open: open pipe = \NETLOGON
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=135
- smb_com=0xa2
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1536
- smt_wct=42
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 6144 (0x1800)
- smb_vwv[ 3]= 375 (0x177)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_vwv[14]= 0 (0x0)
- smb_vwv[15]= 0 (0x0)
- smb_vwv[16]= 0 (0x0)
- smb_vwv[17]= 0 (0x0)
- smb_vwv[18]= 0 (0x0)
- smb_vwv[19]= 0 (0x0)
- smb_vwv[20]= 0 (0x0)
- smb_vwv[21]=32768 (0x8000)
- smb_vwv[22]= 0 (0x0)
- smb_vwv[23]= 0 (0x0)
- smb_vwv[24]= 0 (0x0)
- smb_vwv[25]= 0 (0x0)
- smb_vwv[26]= 0 (0x0)
- smb_vwv[27]= 0 (0x0)
- smb_vwv[28]= 0 (0x0)
- smb_vwv[29]= 0 (0x0)
- smb_vwv[30]= 0 (0x0)
- smb_vwv[31]= 512 (0x200)
- smb_vwv[32]=65280 (0xFF00)
- smb_vwv[33]= 5 (0x5)
- smb_vwv[34]= 0 (0x0)
- smb_vwv[35]= 0 (0x0)
- smb_vwv[36]= 0 (0x0)
- smb_vwv[37]= 0 (0x0)
- smb_vwv[38]= 0 (0x0)
- smb_vwv[39]= 0 (0x0)
- smb_vwv[40]= 0 (0x0)
- smb_vwv[41]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 136
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x88
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 25 of length 140 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=136
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1600
- smt_wct=14
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30488 (0x7718)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]=65535 (0xFFFF)
- smb_vwv[ 6]=65535 (0xFFFF)
- smb_vwv[ 7]= 8 (0x8)
- smb_vwv[ 8]= 72 (0x48)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 72 (0x48)
- smb_vwv[11]= 64 (0x40)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_bcc=73
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
- [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
- [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg.
- [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
- [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBwriteX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBwriteX.71.req len 140
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7718
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7718 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7718 name: NETLOGON open: Yes len: 72
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
- [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
- [020] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg..
- [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
- [040] 2B 10 48 60 02 00 00 00 +.H`....
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0b
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 11, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 11
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
- api_pipe_bind_req: decode request. 1553
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
- api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_rb
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 00000000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0008 num_contexts: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000c context_id : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 000e num_transfer_syntaxes: 01
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 00000f smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 data : 12345678
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 data : 1234
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0016 data : abcd
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 0018 data : ef 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 001a data : 01 23 45 67 cf fb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0020 version: 00000001
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0024 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0028 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 002a data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002c data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002e data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0034 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
- api_pipe_bind_req: make response. 1608
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
- check_bind_req for \PIPE\NETLOGON
- checking \PIPE\lsarpc
- checking \PIPE\lsarpc
- checking \PIPE\samr
- checking \PIPE\NETLOGON
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_ba
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_bba
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0000 max_tsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0002 max_rsize: 10b8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0004 assoc_gid: 000053f0
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000008 smb_io_rpc_addr_str
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 len: 000f
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 000a str: \PIPE\netlogon.
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000019 smb_io_rpc_results
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 001c num_results: 01
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0020 result : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0022 reason : 0000
- [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_rpc_iface
- [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
- 000024 smb_io_uuid uuid
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0024 data : 8a885d04
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0028 data : 1ceb
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 002a data : 11c9
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002c data : 9f e8
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
- 002e data : 08 00 2b 10 48 60
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0034 version: 00000002
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 0c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0048
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 56
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
- writeX-IPC pnum=7718 nwritten=72
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=47
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1600
- smt_wct=6
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 72 (0x48)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 59
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x3b
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 26 of length 63 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=59
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1664
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=30488 (0x7718)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 1024 (0x400)
- smb_vwv[ 6]= 1024 (0x400)
- smb_vwv[ 7]=65535 (0xFFFF)
- smb_vwv[ 8]=65535 (0xFFFF)
- smb_vwv[ 9]= 1024 (0x400)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBreadX (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBreadX.71.req len 63
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7718
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7718 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7718 name: NETLOGON len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
- read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes.
- [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
- readX-IPC pnum=7718 min=1024 max=1024 nread=72
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=131
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1664
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 72 (0x48)
- smb_vwv[ 6]= 59 (0x3B)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=72
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 05 00 0C 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
- [010] B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
- [020] 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 00 netlogon ........
- [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
- [040] 2B 10 48 60 02 00 00 00 +.H`....
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 238
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0xee
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 27 of length 242 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=238
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1728
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 154 (0x9A)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 154 (0x9A)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30488 (0x7718)
- smb_bcc=171
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 9A 00 00 00 01 00 00 ........ ........
- [020] 00 82 00 00 00 00 00 05 00 00 00 02 00 0C 00 00 ........ ........
- [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 ........ .\.\.H.D
- [040] 00 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 .S.-.L.I .N.U.X..
- [050] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 48 00 44 ........ .....H.D
- [060] 00 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F .S.-.V.I .R.T.B.O
- [070] 00 58 00 31 00 24 00 00 00 02 00 75 4D 0D 00 00 .X.1.$.. ...uM...
- [080] 00 00 00 00 00 0D 00 00 00 48 00 44 00 53 00 2D ........ .H.D.S.-
- [090] 00 56 00 49 00 52 00 54 00 42 00 4F 00 58 00 31 .V.I.R.T .B.O.X.1
- [0A0] 00 00 00 E8 DB 52 90 EC 3B 18 7B .....R.. ;.{
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=154 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7718
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7718 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "NETLOGON" (pnum 7718)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x111d180 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7718 name: NETLOGON open: Yes len: 154
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 9A 00 00 00 01 00 00 00 ........ ........
- [010] 82 00 00 00 00 00 05 00 00 00 02 00 0C 00 00 00 ........ ........
- [020] 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 00 ........ \.\.H.D.
- [030] 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 00 S.-.L.I. N.U.X...
- [040] 0E 00 00 00 00 00 00 00 0E 00 00 00 48 00 44 00 ........ ....H.D.
- [050] 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F 00 S.-.V.I. R.T.B.O.
- [060] 58 00 31 00 24 00 00 00 02 00 75 4D 0D 00 00 00 X.1.$... ..uM....
- [070] 00 00 00 00 0D 00 00 00 48 00 44 00 53 00 2D 00 ........ H.D.S.-.
- [080] 56 00 49 00 52 00 54 00 42 00 4F 00 58 00 31 00 V.I.R.T. B.O.X.1.
- [090] 00 00 E8 DB 52 90 EC 3B 18 7B ....R..; .{
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 154
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 154
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 154, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 138
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 138
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 009a
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 138
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 138, incoming data = 138
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000082
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0005
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 76
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\NETLOGON
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: NETLOGON op 0x5 - created /tmp/in_NETLOGON_5.17.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[5].fn == 0x508188
- netr_ServerAuthenticate: struct netr_ServerAuthenticate
- in: struct netr_ServerAuthenticate
- server_name : *
- server_name : '\\HDS-LINUX'
- account_name : 'HDS-VIRTBOX1$'
- secure_channel_type : SEC_CHAN_WKSTA (2)
- computer_name : 'HDS-VIRTBOX1'
- credentials : *
- credentials: struct netr_Credential
- data : e8db5290ec3b187b
- netr_ServerAuthenticate: struct netr_ServerAuthenticate
- out: struct netr_ServerAuthenticate
- return_credentials : *
- return_credentials: struct netr_Credential
- data : 0000000000000000
- result : NT_STATUS_ACCESS_DENIED
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_NETLOGON_5.17.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called NETLOGON successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 138
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7718 name: NETLOGON len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0024
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000001
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 0000000c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..36] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=92
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1728
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 36 (0x24)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 36 (0x24)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=37
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$......
- [010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [020] 00 22 00 00 C0 ."...
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 41
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x29
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 28 of length 45 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=41
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1792
- smt_wct=3
- smb_vwv[ 0]=30488 (0x7718)
- smb_vwv[ 1]=65535 (0xFFFF)
- smb_vwv[ 2]=65535 (0xFFFF)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBclose (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBclose.70.req len 45
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7718
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name NETLOGON pnum=7718 (pipes_open=2)
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=2)
- [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
- reply_pipe_close: pnum:7718
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
- close_policy_by_pipe: deleted handle list for pipe NETLOGON
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
- closed pipe name NETLOGON pnum=7718 (pipes_open=1)
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 4E45544C4F474F4E2F32313934382F333034383800
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x1120a30
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 4E45544C4F474F4E2F32313934382F333034383800
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1792
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 128
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x80
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 29 of length 132 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=128
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1856
- smt_wct=16
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 44 (0x2C)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 1024 (0x400)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 0 (0x0)
- smb_vwv[ 7]= 0 (0x0)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 84 (0x54)
- smb_vwv[11]= 44 (0x2C)
- smb_vwv[12]= 84 (0x54)
- smb_vwv[13]= 2 (0x2)
- smb_vwv[14]= 38 (0x26)
- smb_vwv[15]=30485 (0x7715)
- smb_bcc=61
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
- [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,......
- [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........
- [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 .....xK. b.U..
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtrans (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
- trans <\PIPE\> data=44 params=0 setup=2
- [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
- calling named_pipe
- [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
- named pipe command on <> name
- [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
- api_fd_reply
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
- Got API command 0x26 on pipe "lsarpc" (pnum 7715)
- [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
- api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
- write_to_pipe: 7715 name: lsarpc open: Yes len: 44
- [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
- [000] 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 ........ ,.......
- [010] 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........
- [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 ....xK.b .U..
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 44
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
- fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 16
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 002c
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000004
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
- unmarshall_rpc_header: using little-endian RPC
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
- unmarshall_rpc_header: type = 0, flags = 3
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
- write_to_pipe: data_left = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
- process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
- process_complete_pdu: processing packet type 0
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr_req req
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0000 alloc_hint: 00000014
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0004 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0006 opnum : 0000
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
- Requested \PIPE\lsarpc
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
- api_rpcTNP: lsarpc op 0x0 - created /tmp/in_lsarpc_0.18.prs
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
- api_rpcTNP: rpc command: LSA_CLOSE
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
- api_rpc_cmds[0].fn == 0x4e37d8
- lsa_Close: struct lsa_Close
- in: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-784b-a962bc550000
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
- Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
- [010] BC 55 00 00 .U..
- [2010/02/14 20:52:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
- Closed policy
- lsa_Close: struct lsa_Close
- out: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
- created /tmp/out_lsarpc_0.18.prs
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
- api_rpcTNP: called lsarpc successfully
- [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
- free_pipe_context: destroying talloc pool of size 0
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
- write_to_pipe: data_used = 28
- [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
- read_from_pipe: 7715 name: lsarpc len: 1024
- [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
- read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000000 smb_io_rpc_hdr hdr
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0000 major : 05
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0001 minor : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0002 pkt_type : 02
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0003 flags : 03
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0004 pack_type0: 10
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0005 pack_type1: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0006 pack_type2: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0007 pack_type3: 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0008 frag_len : 0030
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 000a auth_len : 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 000c call_id : 00000004
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
- 000010 smb_io_rpc_hdr_resp resp
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
- 0010 alloc_hint: 00000018
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
- 0014 context_id: 0000
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0016 cancel_ct : 00
- [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
- 0017 reserved : 00
- [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
- copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=104
- smb_com=0x25
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=1332
- smb_uid=100
- smb_mid=1856
- smt_wct=10
- smb_vwv[ 0]= 0 (0x0)
- smb_vwv[ 1]= 48 (0x30)
- smb_vwv[ 2]= 0 (0x0)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 56 (0x38)
- smb_vwv[ 5]= 0 (0x0)
- smb_vwv[ 6]= 48 (0x30)
- smb_vwv[ 7]= 56 (0x38)
- smb_vwv[ 8]= 0 (0x0)
- smb_vwv[ 9]= 0 (0x0)
- smb_bcc=49
- [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
- [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
- [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
- [030] 00 .
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 41
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x29
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 30 of length 45 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=41
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1920
- smt_wct=3
- smb_vwv[ 0]=30485 (0x7715)
- smb_vwv[ 1]=65535 (0xFFFF)
- smb_vwv[ 2]=65535 (0xFFFF)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBclose (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBclose.71.req len 45
- [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
- change_to_user: Skipping user change - already user
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
- search for pipe pnum=7715
- [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
- pipe name lsarpc pnum=7715 (pipes_open=1)
- [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
- reply_pipe_close: pnum:7715
- [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
- close_policy_by_pipe: deleted handle list for pipe lsarpc
- [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
- closed pipe name lsarpc pnum=7715 (pipes_open=0)
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key 6C73617270632F32313934382F333034383500
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x11196f0
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key 6C73617270632F32313934382F333034383500
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x4
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=1920
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 39
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x27
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 31 of length 43 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=39
- smb_com=0x74
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=0
- smb_pid=65279
- smb_uid=100
- smb_mid=1984
- smt_wct=2
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBulogoffX (pid 21948) conn 0x0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBulogoffX.30.req len 43
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/reply.c:reply_ulogoffX(1910)
- ulogoffX vuid=100
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=39
- smb_com=0x74
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=0
- smb_pid=65279
- smb_uid=100
- smb_mid=1984
- smt_wct=2
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]= 0 (0x0)
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
- got smb length of 35
- [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
- got message type 0x0 of len 0x23
- [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
- Transaction 32 of length 39 (0 toread)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x71
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=2048
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
- switch message SMBtdis (pid 21948) conn 0x10fd8d0
- [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
- created /tmp/SMBtdis.31.req len 39
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/service.c:close_cnum(1409)
- hds-virtbox1 (::ffff:192.168.1.183) closed connection to service IPC$
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
- Yielding connection to IPC$
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x111a940
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 4] smbd/vfs.c:vfs_ChDir(733)
- vfs_ChDir to /
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x71
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=136
- smb_flg2=51201
- smb_tid=1
- smb_pid=65279
- smb_uid=100
- smb_mid=2048
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
- read_socket_with_timeout: blocking read. EOF from client.
- [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
- receive_smb_raw: NT_STATUS_END_OF_FILE
- [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
- receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
- [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
- Closing cache file
- [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
- namecache_shutdown: netbios namecache closed successfully.
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
- Yielding connection to
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BC550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x1108860
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BC550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
- Server exit (normal exit)
- [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
- lp_file_list_changed()
- file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info_map(206)
- make_user_info_map: Mapping user [SEMARKIT]\[Admin] from workstation [HDS-VIRTBOX1]
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] auth/auth_util.c:is_trusted_domain(2055)
- is_trusted_domain: Checking for domain trust with [SEMARKIT]
- [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
- ldapsam_get_trusteddom_pw called for domain SEMARKIT
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_close(1110)
- The connection to the LDAP server was closed
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
- smb_ldap_setup_connection: ldap://127.0.0.1:389
- [2010/02/14 20:52:57, 2] lib/smbldap.c:smbldap_open_connection(796)
- smbldap_open_connection: connection opened
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
- ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
- [2010/02/14 20:52:57, 3] lib/smbldap.c:smbldap_connect_system(1007)
- ldap_connect_system: successful connection to the LDAP server
- ldap_connect_system: LDAP server does support paged results
- [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
- Added timed event "smbldap_idle_fn": 1032a60
- [2010/02/14 20:52:57, 4] lib/smbldap.c:smbldap_open(1090)
- The LDAP server is successfully connected
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
- Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
- Cache entry with key = TDOM/SEMARKIT couldn't be found
- [2010/02/14 20:52:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
- no entry for trusted domain SEMARKIT found.
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(120)
- attempting to make a user_info for Admin (Admin)
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(130)
- making strings for Admin's user_info struct
- [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(162)
- making blobs for Admin's user_info struct
- [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
- made an encrypted user_info for Admin (Admin)
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(220)
- check_ntlm_password: Checking password for unmapped user [SEMARKIT]\[Admin]@[HDS-VIRTBOX1] with the new password interface
- [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(223)
- check_ntlm_password: mapped user is: [SEMARKIT]\[Admin]@[HDS-VIRTBOX1]
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
- check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
- challenge is:
- [2010/02/14 20:52:57, 5] lib/util.c:dump_data(2223)
- [000] AC 05 48 7F D1 94 0E FD ..H.....
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
- check_ntlm_password: guest had nothing to say
- [2010/02/14 20:52:57, 8] lib/util.c:is_myname(2098)
- is_myname("SEMARKIT") returns 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
- smbldap_search_ext: base => [dc=semarkit,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
- [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
- smbldap_open: already connected to the LDAP server
- [2010/02/14 20:52:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
- init_sam_from_ldap: Entry found for user: Admin
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
- pdb_set_username: setting username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 12 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
- pdb_set_domain: setting domain SEMARKIT, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 14 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
- pdb_set_nt_username: setting nt username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 15 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522)
- pdb_set_user_sid_from_string: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
- pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 18 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263)
- element 18: SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 21 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 5 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 6 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 7 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 9 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 10 -> now SET
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute displayName does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
- pdb_set_full_name: setting full name Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 13 -> now SET
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaHomeDrive does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
- pdb_set_dir_drive: setting dir drive H:, was NULL
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 3 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaHomePath does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
- pdb_set_homedir: setting home dir \\hds-linux\admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 1 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaLogonScript does not exist
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
- pdb_set_logon_script: setting logon script scripts/logon.bat, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 4 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaProfilePath does not exist
- [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
- Home server: hds-linux
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
- pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 2 -> now DEFAULT
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute description does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaUserWorkstations does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaMungedDial does not exist
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 32 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 33 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 20 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 16 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 17 -> now SET
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaBadPasswordCount does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaBadPasswordTime does not exist
- [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
- attribute sambaLogonHours does not exist
- [2010/02/14 20:52:57, 5] passdb/login_cache.c:login_cache_init(40)
- Opening cache file at /var/cache/samba/login_cache.tdb
- [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(86)
- Looking up login cache for user Admin
- [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(100)
- No cache entry found
- [2010/02/14 20:52:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054)
- No cache entry, bad count = 0, bad time = 0
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471)
- element 35 -> now CHANGED
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_alloc(133)
- Finding user Admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(77)
- Trying _Get_Pwnam(), username as lowercase is admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(85)
- Trying _Get_Pwnam(), username as given is Admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(95)
- Trying _Get_Pwnam(), username as uppercase is ADMIN
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(104)
- Checking combinations of 0 uppercase letters in admin
- [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(110)
- Get_Pwnam_internals didn't find user [Admin]!
- [2010/02/14 20:52:57, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
- pdb_get_group_sid: Failed to find Unix account for Admin
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 3: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 1: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 4: DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
- element 2: DEFAULT
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
- tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 196
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
- tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
- [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
- tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 5 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 6 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 7 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 8 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 9 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 10 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 21 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
- pdb_set_username: setting username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 12 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
- pdb_set_domain: setting domain SEMARKIT, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 14 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
- pdb_set_nt_username: setting nt username Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 15 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
- pdb_set_full_name: setting full name Admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 13 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
- pdb_set_homedir: setting home dir \\hds-linux\admin, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 1 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
- pdb_set_dir_drive: setting dir drive H:, was NULL
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 3 -> now DEFAULT
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
- pdb_set_logon_script: setting logon script scripts/logon.bat, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 4 -> now DEFAULT
- [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
- Home server: hds-linux
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
- pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
- element 2 -> now DEFAULT
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 23 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
- pdb_set_workstations: setting workstations , was
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 24 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 26 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 33 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/password history, value = 0
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 34 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
- pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 18 -> now SET
- [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2934603361-1946261283-2740193522-500 from rid 500
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 16 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 29 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 30 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 31 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 20 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 17 -> now SET
- [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
- element 27 -> now SET
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 9] passdb/passdb.c:pdb_update_autolock_flag(1417)
- pdb_update_autolock_flag: Account Admin not autolocked, no check needed
- [2010/02/14 20:52:57, 4] libsmb/ntlm_check.c:ntlm_password_check(328)
- ntlm_password_check: Checking NT MD4 password
- [2010/02/14 20:52:57, 4] auth/auth_sam.c:sam_account_ok(137)
- sam_account_ok: Checking SMB password for user Admin
- [2010/02/14 20:52:57, 5] auth/auth_sam.c:logon_hours_ok(119)
- logon_hours_ok: user Admin allowed to logon at this time (Sun Feb 14 20:52:57 2010
- )
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
- Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
- , timeout = Sun Feb 14 20:53:57 2010
- [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
- ldapsam_get_account_policy: got valid value from cache
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 1] auth/auth_util.c:make_server_info_sam(562)
- User Admin in passdb, but getpwnam() fails!
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 0] auth/auth_sam.c:check_sam_security(355)
- check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
- [2010/02/14 20:52:57, 5] auth/auth.c:check_ntlm_password(272)
- check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
- [2010/02/14 20:52:57, 3] auth/auth_winbind.c:check_winbind_security(54)
- check_winbind_security: Not using winbind, requested domain [SEMARKIT] was for this SAM.
- [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
- check_ntlm_password: winbind had nothing to say
- [2010/02/14 20:52:57, 2] auth/auth.c:check_ntlm_password(318)
- check_ntlm_password: Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
- [2010/02/14 20:52:57, 5] auth/auth_util.c:free_user_info(1985)
- attempting to free (and zero) a user_info structure
- [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
- structure was created for Admin
- [2010/02/14 20:52:57, 3] smbd/error.c:error_packet_set(61)
- error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
- [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
- size=35
- smb_com=0x73
- smb_rcls=109
- smb_reh=0
- smb_err=49152
- smb_flg=136
- smb_flg2=51201
- smb_tid=0
- smb_pid=65279
- smb_uid=100
- smb_mid=128
- smt_wct=0
- smb_bcc=0
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
- run_events: Nothing to do
- [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
- read_socket_with_timeout: blocking read. EOF from client.
- [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
- receive_smb_raw: NT_STATUS_END_OF_FILE
- [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
- receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
- [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
- Closing cache file
- [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
- namecache_shutdown: netbios namecache closed successfully.
- [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
- NT user token: (NULL)
- [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
- Yielding connection to
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
- Locking key BE550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
- Allocated locked data 0x0x1108350
- [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
- Unlocking key BE550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
- Server exit (normal exit)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement