Selveste1

1. [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
2. lp_file_list_changed()
3. file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
4.  
5. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
6.  
7. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info_map(206)
8. make_user_info_map: Mapping user [SEMARKIT]\[Admin] from workstation [HDS-VIRTBOX1]
9. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
10. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
11. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
12. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
13. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
14. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
15. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
16. NT user token: (NULL)
17. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
18. UNIX token of user 0
19. Primary group is 0 and contains 0 supplementary groups
20. [2010/02/14 20:52:57, 5] auth/auth_util.c:is_trusted_domain(2055)
21. is_trusted_domain: Checking for domain trust with [SEMARKIT]
22. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
23. ldapsam_get_trusteddom_pw called for domain SEMARKIT
24. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
25. smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
26. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_close(1110)
27. The connection to the LDAP server was closed
28. [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
29. smb_ldap_setup_connection: ldap://127.0.0.1:389
30. [2010/02/14 20:52:57, 2] lib/smbldap.c:smbldap_open_connection(796)
31. smbldap_open_connection: connection opened
32. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
33. ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
34. [2010/02/14 20:52:57, 3] lib/smbldap.c:smbldap_connect_system(1007)
35. ldap_connect_system: successful connection to the LDAP server
36. ldap_connect_system: LDAP server does support paged results
37. [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
38. Added timed event "smbldap_idle_fn": 1032a60
39. [2010/02/14 20:52:57, 4] lib/smbldap.c:smbldap_open(1090)
40. The LDAP server is successfully connected
41. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
42. Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
43. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
44. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
45. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
46. Cache entry with key = TDOM/SEMARKIT couldn't be found
47. [2010/02/14 20:52:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
48. no entry for trusted domain SEMARKIT found.
49. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(120)
50. attempting to make a user_info for Admin (Admin)
51. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(130)
52. making strings for Admin's user_info struct
53. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(162)
54. making blobs for Admin's user_info struct
55. [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
56. made an encrypted user_info for Admin (Admin)
57. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(220)
58. check_ntlm_password: Checking password for unmapped user [SEMARKIT]\[Admin]@[HDS-VIRTBOX1] with the new password interface
59. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(223)
60. check_ntlm_password: mapped user is: [SEMARKIT]\[Admin]@[HDS-VIRTBOX1]
61. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
62. check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
63. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
64. challenge is:
65. [2010/02/14 20:52:57, 5] lib/util.c:dump_data(2223)
66. [000] 11 32 62 0D E9 D0 87 63 .2b....c
67. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
68. check_ntlm_password: guest had nothing to say
69. [2010/02/14 20:52:57, 8] lib/util.c:is_myname(2098)
70. is_myname("SEMARKIT") returns 0
71. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
72. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
73. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
74. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
75. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
76. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
77. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
78. NT user token: (NULL)
79. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
80. UNIX token of user 0
81. Primary group is 0 and contains 0 supplementary groups
82. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
83. smbldap_search_ext: base => [dc=semarkit,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
84. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
85. smbldap_open: already connected to the LDAP server
86. [2010/02/14 20:52:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
87. init_sam_from_ldap: Entry found for user: Admin
88. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
89. pdb_set_username: setting username Admin, was
90. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
91. element 12 -> now SET
92. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
93. pdb_set_domain: setting domain SEMARKIT, was
94. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
95. element 14 -> now DEFAULT
96. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
97. pdb_set_nt_username: setting nt username Admin, was
98. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
99. element 15 -> now SET
100. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522)
101. pdb_set_user_sid_from_string: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
102. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
103. pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
104. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
105. element 18 -> now SET
106. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263)
107. element 18: SET
108. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
109. element 21 -> now SET
110. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
111. element 5 -> now SET
112. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
113. element 6 -> now SET
114. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
115. element 7 -> now SET
116. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
117. element 9 -> now SET
118. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
119. element 10 -> now SET
120. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
121. attribute displayName does not exist
122. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
123. pdb_set_full_name: setting full name Admin, was
124. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
125. element 13 -> now SET
126. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
127. attribute sambaHomeDrive does not exist
128. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
129. pdb_set_dir_drive: setting dir drive H:, was NULL
130. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
131. element 3 -> now DEFAULT
132. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
133. attribute sambaHomePath does not exist
134. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
135. pdb_set_homedir: setting home dir \\hds-linux\admin, was
136. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
137. element 1 -> now DEFAULT
138. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
139. attribute sambaLogonScript does not exist
140. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
141. pdb_set_logon_script: setting logon script scripts/logon.bat, was
142. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
143. element 4 -> now DEFAULT
144. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
145. attribute sambaProfilePath does not exist
146. [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
147. Home server: hds-linux
148. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
149. pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
150. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
151. element 2 -> now DEFAULT
152. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
153. attribute description does not exist
154. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
155. attribute sambaUserWorkstations does not exist
156. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
157. attribute sambaMungedDial does not exist
158. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
159. element 32 -> now SET
160. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
161. element 33 -> now SET
162. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
163. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
164. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
165. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
166. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
167. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
168. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
169. NT user token: (NULL)
170. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
171. UNIX token of user 0
172. Primary group is 0 and contains 0 supplementary groups
173. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
174. Cache entry with key = ACCT_POL/password history couldn't be found
175. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
176. ldapsam_get_account_policy_from_ldap
177. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
178. smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
179. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
180. smbldap_open: already connected to the LDAP server
181. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
182. ldapsam_get_account_policy: failed to retrieve from ldap
183. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
184. ldapsam_set_account_policy_in_ldap
185. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_modify(1402)
186. smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
187. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
188. smbldap_open: already connected to the LDAP server
189. [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
190. lp_file_list_changed()
191. file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
192.  
193. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
194.  
195. [2010/02/14 20:52:57, 5] smbd/reply.c:reply_special(472)
196. init msg_type=0x81 msg_flags=0x0
197. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
198. run_events: Nothing to do
199. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
200. run_events: Nothing to do
201. [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
202. read_socket_with_timeout: blocking read. EOF from client.
203. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
204. receive_smb_raw: NT_STATUS_END_OF_FILE
205. [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
206. receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
207. [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
208. Closing cache file
209. [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
210. namecache_shutdown: netbios namecache closed successfully.
211. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
212. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
213. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
214. NT user token: (NULL)
215. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
216. UNIX token of user 0
217. Primary group is 0 and contains 0 supplementary groups
218. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
219. change_to_root_user: now uid=(0,0) gid=(0,0)
220. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
221. Yielding connection to
222. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
223. Locking key BB550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
224. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
225. Allocated locked data 0x0x10b9350
226. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(42)
227. deleting connection record returned NT_STATUS_NOT_FOUND
228. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
229. Unlocking key BB550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
230. [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
231. Server exit (normal exit)
232. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
233. cache_account_policy_set: updating account pol cache
234. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
235. Adding cache entry with key = ACCT_POL/password history; value = 0
236. and timeout = Sun Feb 14 20:53:57 2010
237. (60 seconds ahead)
238. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
239. cache_account_policy_set: updating account pol cache
240. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
241. Adding cache entry with key = ACCT_POL/password history; value = 0
242. and timeout = Sun Feb 14 20:53:57 2010
243. (60 seconds ahead)
244. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
245. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
246. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
247. element 20 -> now SET
248. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
249. element 16 -> now SET
250. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
251. element 17 -> now SET
252. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
253. attribute sambaBadPasswordCount does not exist
254. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
255. attribute sambaBadPasswordTime does not exist
256. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
257. attribute sambaLogonHours does not exist
258. [2010/02/14 20:52:57, 5] passdb/login_cache.c:login_cache_init(40)
259. Opening cache file at /var/cache/samba/login_cache.tdb
260. [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(86)
261. Looking up login cache for user Admin
262. [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(100)
263. No cache entry found
264. [2010/02/14 20:52:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054)
265. No cache entry, bad count = 0, bad time = 0
266. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471)
267. element 35 -> now CHANGED
268. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
269. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
270. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
271. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
272. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
273. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
274. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
275. NT user token: (NULL)
276. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
277. UNIX token of user 0
278. Primary group is 0 and contains 0 supplementary groups
279. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
280. Cache entry with key = ACCT_POL/maximum password age couldn't be found
281. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
282. ldapsam_get_account_policy_from_ldap
283. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
284. smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
285. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
286. smbldap_open: already connected to the LDAP server
287. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
288. ldapsam_get_account_policy: failed to retrieve from ldap
289. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
290. ldapsam_set_account_policy_in_ldap
291. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_modify(1402)
292. smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
293. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
294. smbldap_open: already connected to the LDAP server
295. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
296. cache_account_policy_set: updating account pol cache
297. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
298. Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
299. and timeout = Sun Feb 14 20:53:57 2010
300. (60 seconds ahead)
301. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
302. cache_account_policy_set: updating account pol cache
303. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
304. Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
305. and timeout = Sun Feb 14 20:53:57 2010
306. (60 seconds ahead)
307. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
308. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
309. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_alloc(133)
310. Finding user Admin
311. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(77)
312. Trying _Get_Pwnam(), username as lowercase is admin
313. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(85)
314. Trying _Get_Pwnam(), username as given is Admin
315. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(95)
316. Trying _Get_Pwnam(), username as uppercase is ADMIN
317. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(104)
318. Checking combinations of 0 uppercase letters in admin
319. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(110)
320. Get_Pwnam_internals didn't find user [Admin]!
321. [2010/02/14 20:52:57, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
322. pdb_get_group_sid: Failed to find Unix account for Admin
323. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
324. element 3: DEFAULT
325. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
326. element 1: DEFAULT
327. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
328. element 4: DEFAULT
329. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
330. element 2: DEFAULT
331. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
332. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
333. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
334. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
335. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
336. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
337. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
338. NT user token: (NULL)
339. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
340. UNIX token of user 0
341. Primary group is 0 and contains 0 supplementary groups
342. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
343. Returning valid cache entry: key = ACCT_POL/password history, value = 0
344. , timeout = Sun Feb 14 20:53:57 2010
345. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
346. ldapsam_get_account_policy: got valid value from cache
347. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
348. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
349. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
350. tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 196
351. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
352. tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
353. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
354. tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
355. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
356. element 5 -> now SET
357. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
358. element 6 -> now SET
359. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
360. element 7 -> now SET
361. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
362. element 8 -> now SET
363. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
364. element 9 -> now SET
365. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
366. element 10 -> now SET
367. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
368. element 21 -> now SET
369. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
370. pdb_set_username: setting username Admin, was
371. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
372. element 12 -> now SET
373. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
374. pdb_set_domain: setting domain SEMARKIT, was
375. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
376. element 14 -> now SET
377. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
378. pdb_set_nt_username: setting nt username Admin, was
379. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
380. element 15 -> now SET
381. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
382. pdb_set_full_name: setting full name Admin, was
383. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
384. element 13 -> now SET
385. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
386. pdb_set_homedir: setting home dir \\hds-linux\admin, was
387. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
388. element 1 -> now DEFAULT
389. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
390. pdb_set_dir_drive: setting dir drive H:, was NULL
391. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
392. element 3 -> now DEFAULT
393. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
394. pdb_set_logon_script: setting logon script scripts/logon.bat, was
395. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
396. element 4 -> now DEFAULT
397. [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
398. Home server: hds-linux
399. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
400. pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
401. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
402. element 2 -> now DEFAULT
403. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
404. element 23 -> now SET
405. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
406. pdb_set_workstations: setting workstations , was
407. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
408. element 24 -> now SET
409. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
410. element 26 -> now SET
411. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
412. element 33 -> now SET
413. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
414. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
415. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
416. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
417. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
418. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
419. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
420. NT user token: (NULL)
421. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
422. UNIX token of user 0
423. Primary group is 0 and contains 0 supplementary groups
424. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
425. Returning valid cache entry: key = ACCT_POL/password history, value = 0
426. , timeout = Sun Feb 14 20:53:57 2010
427. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
428. ldapsam_get_account_policy: got valid value from cache
429. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
430. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
431. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
432. element 34 -> now SET
433. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
434. pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
435. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
436. element 18 -> now SET
437. [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
438. pdb_set_user_sid_from_rid:
439. setting user sid S-1-5-21-2934603361-1946261283-2740193522-500 from rid 500
440. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
441. element 16 -> now SET
442. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
443. element 29 -> now SET
444. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
445. element 30 -> now SET
446. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
447. element 31 -> now SET
448. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
449. element 20 -> now SET
450. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
451. element 17 -> now SET
452. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
453. element 27 -> now SET
454. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
455. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
456. [2010/02/14 20:52:57, 9] passdb/passdb.c:pdb_update_autolock_flag(1417)
457. pdb_update_autolock_flag: Account Admin not autolocked, no check needed
458. [2010/02/14 20:52:57, 4] libsmb/ntlm_check.c:ntlm_password_check(328)
459. ntlm_password_check: Checking NT MD4 password
460. [2010/02/14 20:52:57, 4] auth/auth_sam.c:sam_account_ok(137)
461. sam_account_ok: Checking SMB password for user Admin
462. [2010/02/14 20:52:57, 5] auth/auth_sam.c:logon_hours_ok(119)
463. logon_hours_ok: user Admin allowed to logon at this time (Sun Feb 14 20:52:57 2010
464. )
465. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
466. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
467. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
468. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
469. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
470. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
471. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
472. NT user token: (NULL)
473. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
474. UNIX token of user 0
475. Primary group is 0 and contains 0 supplementary groups
476. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
477. Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
478. , timeout = Sun Feb 14 20:53:57 2010
479. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
480. ldapsam_get_account_policy: got valid value from cache
481. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
482. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
483. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
484. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
485. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
486. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
487. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
488. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
489. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
490. NT user token: (NULL)
491. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
492. UNIX token of user 0
493. Primary group is 0 and contains 0 supplementary groups
494. [2010/02/14 20:52:57, 1] auth/auth_util.c:make_server_info_sam(562)
495. User Admin in passdb, but getpwnam() fails!
496. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
497. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
498. [2010/02/14 20:52:57, 0] auth/auth_sam.c:check_sam_security(355)
499. check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
500. [2010/02/14 20:52:57, 5] auth/auth.c:check_ntlm_password(272)
501. check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
502. [2010/02/14 20:52:57, 3] auth/auth_winbind.c:check_winbind_security(54)
503. check_winbind_security: Not using winbind, requested domain [SEMARKIT] was for this SAM.
504. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
505. check_ntlm_password: winbind had nothing to say
506. [2010/02/14 20:52:57, 2] auth/auth.c:check_ntlm_password(318)
507. check_ntlm_password: Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
508. [2010/02/14 20:52:57, 5] auth/auth_util.c:free_user_info(1985)
509. attempting to free (and zero) a user_info structure
510. [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
511. structure was created for Admin
512. [2010/02/14 20:52:57, 3] smbd/error.c:error_packet_set(61)
513. error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
514. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
515. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
516. size=35
517. smb_com=0x73
518. smb_rcls=109
519. smb_reh=0
520. smb_err=49152
521. smb_flg=136
522. smb_flg2=51201
523. smb_tid=0
524. smb_pid=65279
525. smb_uid=100
526. smb_mid=128
527. smt_wct=0
528. smb_bcc=0
529. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
530. run_events: Nothing to do
531. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
532. run_events: Nothing to do
533. [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
534. read_socket_with_timeout: blocking read. EOF from client.
535. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
536. receive_smb_raw: NT_STATUS_END_OF_FILE
537. [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
538. receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
539. [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
540. Closing cache file
541. [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
542. namecache_shutdown: netbios namecache closed successfully.
543. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
544. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
545. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
546. NT user token: (NULL)
547. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
548. UNIX token of user 0
549. Primary group is 0 and contains 0 supplementary groups
550. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
551. change_to_root_user: now uid=(0,0) gid=(0,0)
552. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
553. Yielding connection to
554. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
555. Locking key BA550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
556. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
557. Allocated locked data 0x0x10ba880
558. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
559. Unlocking key BA550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
560. [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
561. Server exit (normal exit)
562. [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
563. lp_file_list_changed()
564. file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
565.  
566. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
567.  
568. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info_map(206)
569. make_user_info_map: Mapping user []\[] from workstation [HDS-VIRTBOX1]
570. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
571. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
572. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
573. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
574. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
575. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
576. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
577. NT user token: (NULL)
578. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
579. UNIX token of user 0
580. Primary group is 0 and contains 0 supplementary groups
581. [2010/02/14 20:52:57, 5] auth/auth_util.c:is_trusted_domain(2055)
582. is_trusted_domain: Checking for domain trust with [SEMARKIT]
583. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
584. ldapsam_get_trusteddom_pw called for domain SEMARKIT
585. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
586. smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
587. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_close(1110)
588. The connection to the LDAP server was closed
589. [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
590. smb_ldap_setup_connection: ldap://127.0.0.1:389
591. [2010/02/14 20:52:57, 2] lib/smbldap.c:smbldap_open_connection(796)
592. smbldap_open_connection: connection opened
593. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
594. ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
595. [2010/02/14 20:52:57, 3] lib/smbldap.c:smbldap_connect_system(1007)
596. ldap_connect_system: successful connection to the LDAP server
597. ldap_connect_system: LDAP server does support paged results
598. [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
599. Added timed event "smbldap_idle_fn": 110bb80
600. [2010/02/14 20:52:57, 4] lib/smbldap.c:smbldap_open(1090)
601. The LDAP server is successfully connected
602. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
603. Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
604. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
605. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
606. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
607. Cache entry with key = TDOM/SEMARKIT couldn't be found
608. [2010/02/14 20:52:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
609. no entry for trusted domain SEMARKIT found.
610. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(120)
611. attempting to make a user_info for ()
612. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(130)
613. making strings for 's user_info struct
614. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(162)
615. making blobs for 's user_info struct
616. [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
617. made an encrypted user_info for ()
618. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(220)
619. check_ntlm_password: Checking password for unmapped user []\[]@[HDS-VIRTBOX1] with the new password interface
620. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(223)
621. check_ntlm_password: mapped user is: [SEMARKIT]\[]@[HDS-VIRTBOX1]
622. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
623. check_ntlm_password: auth_context challenge created by random
624. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
625. challenge is:
626. [2010/02/14 20:52:57, 5] lib/util.c:dump_data(2223)
627. [000] 74 D8 AD B0 A0 D9 03 BE t.......
628. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
629. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2]
630. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
631. smbldap_open: already connected to the LDAP server
632. [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
633. ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
634. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
635. element 3: DEFAULT
636. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
637. element 1: DEFAULT
638. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
639. element 4: DEFAULT
640. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
641. element 2: DEFAULT
642. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
643. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
644. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
645. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
646. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
647. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
648. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
649. NT user token: (NULL)
650. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
651. UNIX token of user 0
652. Primary group is 0 and contains 0 supplementary groups
653. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
654. Returning valid cache entry: key = ACCT_POL/password history, value = 0
655. , timeout = Sun Feb 14 20:53:57 2010
656. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
657. ldapsam_get_account_policy: got valid value from cache
658. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
659. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
660. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
661. tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 177
662. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
663. tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 177) -> 177
664. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
665. tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 177) -> 177
666. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
667. element 5 -> now SET
668. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
669. element 6 -> now SET
670. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
671. element 7 -> now SET
672. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
673. element 8 -> now SET
674. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
675. element 9 -> now SET
676. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
677. element 10 -> now SET
678. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
679. element 21 -> now SET
680. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
681. pdb_set_username: setting username nobody, was
682. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
683. element 12 -> now SET
684. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
685. pdb_set_domain: setting domain SEMARKIT, was
686. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
687. element 14 -> now SET
688. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
689. pdb_set_nt_username: setting nt username , was
690. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
691. element 15 -> now SET
692. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
693. pdb_set_full_name: setting full name nobody, was
694. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
695. element 13 -> now SET
696. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
697. pdb_set_homedir: setting home dir \\hds-linux\nobody, was
698. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
699. element 1 -> now DEFAULT
700. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
701. pdb_set_dir_drive: setting dir drive H:, was NULL
702. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
703. element 3 -> now DEFAULT
704. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
705. pdb_set_logon_script: setting logon script scripts/logon.bat, was
706. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
707. element 4 -> now DEFAULT
708. [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
709. Home server: hds-linux
710. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
711. pdb_set_profile_path: setting profile path \\hds-linux\nobody\profile, was
712. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
713. element 2 -> now DEFAULT
714. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
715. element 23 -> now SET
716. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
717. pdb_set_workstations: setting workstations , was
718. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
719. element 24 -> now SET
720. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
721. element 26 -> now SET
722. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
723. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
724. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
725. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
726. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
727. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
728. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
729. NT user token: (NULL)
730. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
731. UNIX token of user 0
732. Primary group is 0 and contains 0 supplementary groups
733. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
734. Returning valid cache entry: key = ACCT_POL/password history, value = 0
735. , timeout = Sun Feb 14 20:53:57 2010
736. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
737. ldapsam_get_account_policy: got valid value from cache
738. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
739. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
740. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
741. element 34 -> now SET
742. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
743. pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-501
744. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
745. element 18 -> now SET
746. [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
747. pdb_set_user_sid_from_rid:
748. setting user sid S-1-5-21-2934603361-1946261283-2740193522-501 from rid 501
749. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
750. element 16 -> now SET
751. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
752. element 29 -> now SET
753. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
754. element 30 -> now SET
755. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
756. element 31 -> now SET
757. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
758. element 20 -> now SET
759. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
760. element 17 -> now SET
761. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
762. element 27 -> now SET
763. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(269)
764. check_ntlm_password: guest authentication for user [] succeeded
765. [2010/02/14 20:52:57, 5] auth/auth.c:check_ntlm_password(308)
766. check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded
767. [2010/02/14 20:52:57, 5] auth/auth_util.c:free_user_info(1985)
768. attempting to free (and zero) a user_info structure
769. [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
770. structure was created for
771. [2010/02/14 20:52:57, 10] auth/token_util.c:create_local_nt_token(302)
772. Create local NT token for S-1-5-21-2934603361-1946261283-2740193522-501
773. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
774. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
775. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
776. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
777. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
778. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
779. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
780. NT user token: (NULL)
781. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
782. UNIX token of user 0
783. Primary group is 0 and contains 0 supplementary groups
784. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
785. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
786. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
787. smbldap_open: already connected to the LDAP server
788. [2010/02/14 20:52:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
789. init_group_from_ldap: Entry found for group: 544
790. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
791. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
792. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1276)
793. LEGACY: sid S-1-5-32-544 -> gid 544
794. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
795. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
796. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
797. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
798. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
799. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
800. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
801. NT user token: (NULL)
802. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
803. UNIX token of user 0
804. Primary group is 0 and contains 0 supplementary groups
805. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
806. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
807. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
808. smbldap_open: already connected to the LDAP server
809. [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
810. ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
811. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
812. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
813. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
814. LEGACY: mapping failed for sid S-1-5-32-545
815. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
816. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
817. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
818. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
819. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
820. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
821. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
822. NT user token: (NULL)
823. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
824. UNIX token of user 0
825. Primary group is 0 and contains 0 supplementary groups
826. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
827. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2934603361-1946261283-2740193522-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
828. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
829. smbldap_open: already connected to the LDAP server
830. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
831. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2934603361-1946261283-2740193522-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
832. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
833. smbldap_open: already connected to the LDAP server
834. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
835. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
836. [2010/02/14 20:52:57, 3] lib/privileges.c:get_privileges(63)
837. get_privileges: No privileges assigned to SID [S-1-5-21-2934603361-1946261283-2740193522-501]
838. [2010/02/14 20:52:57, 5] lib/privileges.c:get_privileges_for_sids(128)
839. get_privileges_for_sids: sid = S-1-1-0
840. Privilege set:
841. SE_PRIV 0x0 0x0 0x0 0x0
842. [2010/02/14 20:52:57, 3] lib/privileges.c:get_privileges(63)
843. get_privileges: No privileges assigned to SID [S-1-5-2]
844. [2010/02/14 20:52:57, 3] lib/privileges.c:get_privileges(63)
845. get_privileges: No privileges assigned to SID [S-1-5-32-546]
846. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
847. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
848. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
849. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
850. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
851. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
852. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
853. NT user token: (NULL)
854. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
855. UNIX token of user 0
856. Primary group is 0 and contains 0 supplementary groups
857. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
858. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2]
859. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
860. smbldap_open: already connected to the LDAP server
861. [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
862. ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))
863. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
864. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
865. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
866. LEGACY: mapping failed for sid S-1-1-0
867. [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
868. Could not convert SID S-1-1-0 to gid, ignoring it
869. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
870. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
871. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
872. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
873. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
874. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
875. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
876. NT user token: (NULL)
877. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
878. UNIX token of user 0
879. Primary group is 0 and contains 0 supplementary groups
880. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
881. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2]
882. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
883. smbldap_open: already connected to the LDAP server
884. [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
885. ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
886. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
887. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
888. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
889. LEGACY: mapping failed for sid S-1-5-2
890. [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
891. Could not convert SID S-1-5-2 to gid, ignoring it
892. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
893. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
894. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
895. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
896. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
897. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
898. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
899. NT user token: (NULL)
900. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
901. UNIX token of user 0
902. Primary group is 0 and contains 0 supplementary groups
903. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
904. smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2]
905. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
906. smbldap_open: already connected to the LDAP server
907. [2010/02/14 20:52:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
908. ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))
909. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
910. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
911. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
912. LEGACY: mapping failed for sid S-1-5-32-546
913. [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
914. Could not convert SID S-1-5-32-546 to gid, ignoring it
915. [2010/02/14 20:52:57, 10] auth/token_util.c:debug_nt_user_token(470)
916. NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
917. contains 4 SIDs
918. SID[ 0]: S-1-5-21-2934603361-1946261283-2740193522-501
919. SID[ 1]: S-1-1-0
920. SID[ 2]: S-1-5-2
921. SID[ 3]: S-1-5-32-546
922. SE_PRIV 0x0 0x0 0x0 0x0
923. [2010/02/14 20:52:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137)
924. Got NT session key of length 16
925. [2010/02/14 20:52:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144)
926. Got LM session key of length 16
927. [2010/02/14 20:52:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848)
928. ntlmssp_server_auth: Using unmodified nt session key.
929. [2010/02/14 20:52:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
930. NTLMSSP Sign/Seal - Initialising with flags:
931. [2010/02/14 20:52:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
932. Got NTLMSSP neg_flags=0xa2088205
933. NTLMSSP_NEGOTIATE_UNICODE
934. NTLMSSP_REQUEST_TARGET
935. NTLMSSP_NEGOTIATE_NTLM
936. NTLMSSP_NEGOTIATE_ALWAYS_SIGN
937. NTLMSSP_NEGOTIATE_NTLM2
938. NTLMSSP_NEGOTIATE_128
939. NTLMSSP_NEGOTIATE_56
940. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
941. element 22: DEFAULT
942. [2010/02/14 20:52:57, 10] smbd/password.c:register_existing_vuid(310)
943. register_existing_vuid: (65534,65534) nobody SEMARKIT guest=1
944. [2010/02/14 20:52:57, 3] smbd/password.c:register_existing_vuid(314)
945. register_existing_vuid: User name: nobody Real name: nobody
946. [2010/02/14 20:52:57, 3] smbd/password.c:register_existing_vuid(326)
947. register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100
948. [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
949. lp_file_list_changed()
950. file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
951.  
952. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
953.  
954. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
955. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
956. size=104
957. smb_com=0x73
958. smb_rcls=0
959. smb_reh=0
960. smb_err=0
961. smb_flg=136
962. smb_flg2=51201
963. smb_tid=0
964. smb_pid=65279
965. smb_uid=100
966. smb_mid=128
967. smt_wct=4
968. smb_vwv[ 0]= 255 (0xFF)
969. smb_vwv[ 1]= 0 (0x0)
970. smb_vwv[ 2]= 1 (0x1)
971. smb_vwv[ 3]= 9 (0x9)
972. smb_bcc=61
973. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
974. [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x
975. [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3
976. [020] 00 2E 00 32 00 2E 00 35 00 00 00 53 00 45 00 4D ...2...5 ...S.E.M
977. [030] 00 41 00 52 00 4B 00 49 00 54 00 00 00 .A.R.K.I .T...
978. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
979. run_events: Nothing to do
980. [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
981. lp_file_list_changed()
982. file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
983.  
984. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
985.  
986. [2010/02/14 20:52:57, 5] smbd/reply.c:reply_special(472)
987. init msg_type=0x81 msg_flags=0x0
988. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
989. run_events: Nothing to do
990. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
991. run_events: Nothing to do
992. [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
993. read_socket_with_timeout: blocking read. EOF from client.
994. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
995. receive_smb_raw: NT_STATUS_END_OF_FILE
996. [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
997. receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
998. [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
999. Closing cache file
1000. [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
1001. namecache_shutdown: netbios namecache closed successfully.
1002. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
1003. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
1004. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
1005. NT user token: (NULL)
1006. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
1007. UNIX token of user 0
1008. Primary group is 0 and contains 0 supplementary groups
1009. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
1010. change_to_root_user: now uid=(0,0) gid=(0,0)
1011. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
1012. Yielding connection to
1013. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
1014. Locking key BD550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1015. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
1016. Allocated locked data 0x0x10b9350
1017. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(42)
1018. deleting connection record returned NT_STATUS_NOT_FOUND
1019. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
1020. Unlocking key BD550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1021. [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
1022. Server exit (normal exit)
1023. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
1024. run_events: Nothing to do
1025. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
1026. got smb length of 84
1027. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
1028. got message type 0x0 of len 0x54
1029. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
1030. Transaction 3 of length 88 (0 toread)
1031. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
1032. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
1033. size=84
1034. smb_com=0x75
1035. smb_rcls=0
1036. smb_reh=0
1037. smb_err=0
1038. smb_flg=24
1039. smb_flg2=51207
1040. smb_tid=0
1041. smb_pid=65279
1042. smb_uid=100
1043. smb_mid=192
1044. smt_wct=4
1045. smb_vwv[ 0]= 255 (0xFF)
1046. smb_vwv[ 1]= 84 (0x54)
1047. smb_vwv[ 2]= 8 (0x8)
1048. smb_vwv[ 3]= 1 (0x1)
1049. smb_bcc=41
1050. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
1051. [000] 00 5C 00 5C 00 48 00 44 00 53 00 2D 00 4C 00 49 .\.\.H.D .S.-.L.I
1052. [010] 00 4E 00 55 00 58 00 5C 00 49 00 50 00 43 00 24 .N.U.X.\ .I.P.C.$
1053. [020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? .
1054. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
1055. switch message SMBtconX (pid 21948) conn 0x0
1056. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
1057. created /tmp/SMBtconX.32.req len 88
1058. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
1059. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
1060. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
1061. NT user token: (NULL)
1062. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
1063. UNIX token of user 0
1064. Primary group is 0 and contains 0 supplementary groups
1065. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
1066. change_to_root_user: now uid=(0,0) gid=(0,0)
1067. [2010/02/14 20:52:57, 4] smbd/reply.c:reply_tcon_and_X(653)
1068. Client requested device type [?????] for share [IPC$]
1069. [2010/02/14 20:52:57, 5] smbd/service.c:make_connection(1384)
1070. making a connection to 'normal' service ipc$
1071. [2010/02/14 20:52:57, 3] lib/access.c:only_ipaddrs_in_list(362)
1072. only_ipaddrs_in_list: list has non-ip address (127.)
1073. [2010/02/14 20:52:57, 3] lib/access.c:check_access(396)
1074. check_access: hostnames in host allow/deny list.
1075. [2010/02/14 20:52:57, 2] lib/access.c:check_access(406)
1076. Allowed connection from UNKNOWN (::ffff:192.168.1.183)
1077. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_alloc(133)
1078. Finding user nobody
1079. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(77)
1080. Trying _Get_Pwnam(), username as lowercase is nobody
1081. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(110)
1082. Get_Pwnam_internals did find user [nobody]!
1083. [2010/02/14 20:52:57, 10] smbd/service.c:set_conn_connectpath(161)
1084. set_conn_connectpath: service IPC$, connectpath = /tmp
1085. [2010/02/14 20:52:57, 3] smbd/service.c:make_connection_snum(944)
1086. Connect path is '/tmp' for service [IPC$]
1087. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_map_generic(175)
1088. se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
1089. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
1090. se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
1091. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
1092. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
1093. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
1094. se_access_check: also S-1-1-0
1095. se_access_check: also S-1-5-2
1096. se_access_check: also S-1-5-32-546
1097. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
1098. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
1099. se_access_check: access (2) granted.
1100. [2010/02/14 20:52:57, 3] smbd/vfs.c:vfs_init_default(96)
1101. Initialising default vfs hooks
1102. [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
1103. vfs_find_backend_entry called for /[Default VFS]/
1104. [2010/02/14 20:52:57, 5] smbd/vfs.c:smb_register_vfs(86)
1105. Successfully added vfs backend '/[Default VFS]/'
1106. [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
1107. vfs_find_backend_entry called for posixacl
1108. [2010/02/14 20:52:57, 5] smbd/vfs.c:smb_register_vfs(86)
1109. Successfully added vfs backend 'posixacl'
1110. [2010/02/14 20:52:57, 3] smbd/vfs.c:vfs_init_custom(130)
1111. Initialising custom vfs hooks from [/[Default VFS]/]
1112. [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
1113. vfs_find_backend_entry called for /[Default VFS]/
1114. Successfully loaded vfs module [/[Default VFS]/] with the new modules system
1115. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1116. Checking operation #0 (type 0, layer 0)
1117. Making operation type 0 opaque [module /[Default VFS]/]
1118. Accepting operation type 0 from module /[Default VFS]/
1119. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1120. Checking operation #1 (type 1, layer 0)
1121. Making operation type 1 opaque [module /[Default VFS]/]
1122. Accepting operation type 1 from module /[Default VFS]/
1123. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1124. Checking operation #2 (type 2, layer 0)
1125. Making operation type 2 opaque [module /[Default VFS]/]
1126. Accepting operation type 2 from module /[Default VFS]/
1127. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1128. Checking operation #3 (type 3, layer 0)
1129. Making operation type 3 opaque [module /[Default VFS]/]
1130. Accepting operation type 3 from module /[Default VFS]/
1131. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1132. Checking operation #4 (type 4, layer 0)
1133. Making operation type 4 opaque [module /[Default VFS]/]
1134. Accepting operation type 4 from module /[Default VFS]/
1135. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1136. Checking operation #5 (type 5, layer 0)
1137. Making operation type 5 opaque [module /[Default VFS]/]
1138. Accepting operation type 5 from module /[Default VFS]/
1139. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1140. Checking operation #6 (type 6, layer 0)
1141. Making operation type 6 opaque [module /[Default VFS]/]
1142. Accepting operation type 6 from module /[Default VFS]/
1143. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1144. Checking operation #7 (type 7, layer 0)
1145. Making operation type 7 opaque [module /[Default VFS]/]
1146. Accepting operation type 7 from module /[Default VFS]/
1147. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1148. Checking operation #8 (type 8, layer 0)
1149. Making operation type 8 opaque [module /[Default VFS]/]
1150. Accepting operation type 8 from module /[Default VFS]/
1151. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1152. Checking operation #9 (type 9, layer 0)
1153. Making operation type 9 opaque [module /[Default VFS]/]
1154. Accepting operation type 9 from module /[Default VFS]/
1155. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1156. Checking operation #10 (type 10, layer 0)
1157. Making operation type 10 opaque [module /[Default VFS]/]
1158. Accepting operation type 10 from module /[Default VFS]/
1159. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1160. Checking operation #11 (type 11, layer 0)
1161. Making operation type 11 opaque [module /[Default VFS]/]
1162. Accepting operation type 11 from module /[Default VFS]/
1163. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1164. Checking operation #12 (type 12, layer 0)
1165. Making operation type 12 opaque [module /[Default VFS]/]
1166. Accepting operation type 12 from module /[Default VFS]/
1167. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1168. Checking operation #13 (type 13, layer 0)
1169. Making operation type 13 opaque [module /[Default VFS]/]
1170. Accepting operation type 13 from module /[Default VFS]/
1171. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1172. Checking operation #14 (type 14, layer 0)
1173. Making operation type 14 opaque [module /[Default VFS]/]
1174. Accepting operation type 14 from module /[Default VFS]/
1175. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1176. Checking operation #15 (type 15, layer 0)
1177. Making operation type 15 opaque [module /[Default VFS]/]
1178. Accepting operation type 15 from module /[Default VFS]/
1179. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1180. Checking operation #16 (type 16, layer 0)
1181. Making operation type 16 opaque [module /[Default VFS]/]
1182. Accepting operation type 16 from module /[Default VFS]/
1183. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1184. Checking operation #17 (type 17, layer 0)
1185. Making operation type 17 opaque [module /[Default VFS]/]
1186. Accepting operation type 17 from module /[Default VFS]/
1187. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1188. Checking operation #18 (type 18, layer 0)
1189. Making operation type 18 opaque [module /[Default VFS]/]
1190. Accepting operation type 18 from module /[Default VFS]/
1191. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1192. Checking operation #19 (type 19, layer 0)
1193. Making operation type 19 opaque [module /[Default VFS]/]
1194. Accepting operation type 19 from module /[Default VFS]/
1195. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1196. Checking operation #20 (type 20, layer 0)
1197. Making operation type 20 opaque [module /[Default VFS]/]
1198. Accepting operation type 20 from module /[Default VFS]/
1199. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1200. Checking operation #21 (type 21, layer 0)
1201. Making operation type 21 opaque [module /[Default VFS]/]
1202. Accepting operation type 21 from module /[Default VFS]/
1203. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1204. Checking operation #22 (type 22, layer 0)
1205. Making operation type 22 opaque [module /[Default VFS]/]
1206. Accepting operation type 22 from module /[Default VFS]/
1207. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1208. Checking operation #23 (type 23, layer 0)
1209. Making operation type 23 opaque [module /[Default VFS]/]
1210. Accepting operation type 23 from module /[Default VFS]/
1211. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1212. Checking operation #24 (type 24, layer 0)
1213. Making operation type 24 opaque [module /[Default VFS]/]
1214. Accepting operation type 24 from module /[Default VFS]/
1215. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1216. Checking operation #25 (type 25, layer 0)
1217. Making operation type 25 opaque [module /[Default VFS]/]
1218. Accepting operation type 25 from module /[Default VFS]/
1219. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1220. Checking operation #26 (type 26, layer 0)
1221. Making operation type 26 opaque [module /[Default VFS]/]
1222. Accepting operation type 26 from module /[Default VFS]/
1223. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1224. Checking operation #27 (type 27, layer 0)
1225. Making operation type 27 opaque [module /[Default VFS]/]
1226. Accepting operation type 27 from module /[Default VFS]/
1227. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1228. Checking operation #28 (type 28, layer 0)
1229. Making operation type 28 opaque [module /[Default VFS]/]
1230. Accepting operation type 28 from module /[Default VFS]/
1231. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1232. Checking operation #29 (type 29, layer 0)
1233. Making operation type 29 opaque [module /[Default VFS]/]
1234. Accepting operation type 29 from module /[Default VFS]/
1235. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1236. Checking operation #30 (type 30, layer 0)
1237. Making operation type 30 opaque [module /[Default VFS]/]
1238. Accepting operation type 30 from module /[Default VFS]/
1239. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1240. Checking operation #31 (type 31, layer 0)
1241. Making operation type 31 opaque [module /[Default VFS]/]
1242. Accepting operation type 31 from module /[Default VFS]/
1243. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1244. Checking operation #32 (type 32, layer 0)
1245. Making operation type 32 opaque [module /[Default VFS]/]
1246. Accepting operation type 32 from module /[Default VFS]/
1247. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1248. Checking operation #33 (type 33, layer 0)
1249. Making operation type 33 opaque [module /[Default VFS]/]
1250. Accepting operation type 33 from module /[Default VFS]/
1251. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1252. Checking operation #34 (type 34, layer 0)
1253. Making operation type 34 opaque [module /[Default VFS]/]
1254. Accepting operation type 34 from module /[Default VFS]/
1255. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1256. Checking operation #35 (type 35, layer 0)
1257. Making operation type 35 opaque [module /[Default VFS]/]
1258. Accepting operation type 35 from module /[Default VFS]/
1259. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1260. Checking operation #36 (type 36, layer 0)
1261. Making operation type 36 opaque [module /[Default VFS]/]
1262. Accepting operation type 36 from module /[Default VFS]/
1263. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1264. Checking operation #37 (type 37, layer 0)
1265. Making operation type 37 opaque [module /[Default VFS]/]
1266. Accepting operation type 37 from module /[Default VFS]/
1267. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1268. Checking operation #38 (type 38, layer 0)
1269. Making operation type 38 opaque [module /[Default VFS]/]
1270. Accepting operation type 38 from module /[Default VFS]/
1271. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1272. Checking operation #39 (type 39, layer 0)
1273. Making operation type 39 opaque [module /[Default VFS]/]
1274. Accepting operation type 39 from module /[Default VFS]/
1275. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1276. Checking operation #40 (type 40, layer 0)
1277. Making operation type 40 opaque [module /[Default VFS]/]
1278. Accepting operation type 40 from module /[Default VFS]/
1279. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1280. Checking operation #41 (type 41, layer 0)
1281. Making operation type 41 opaque [module /[Default VFS]/]
1282. Accepting operation type 41 from module /[Default VFS]/
1283. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1284. Checking operation #42 (type 42, layer 0)
1285. Making operation type 42 opaque [module /[Default VFS]/]
1286. Accepting operation type 42 from module /[Default VFS]/
1287. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1288. Checking operation #43 (type 43, layer 0)
1289. Making operation type 43 opaque [module /[Default VFS]/]
1290. Accepting operation type 43 from module /[Default VFS]/
1291. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1292. Checking operation #44 (type 44, layer 0)
1293. Making operation type 44 opaque [module /[Default VFS]/]
1294. Accepting operation type 44 from module /[Default VFS]/
1295. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1296. Checking operation #45 (type 45, layer 0)
1297. Making operation type 45 opaque [module /[Default VFS]/]
1298. Accepting operation type 45 from module /[Default VFS]/
1299. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1300. Checking operation #46 (type 46, layer 0)
1301. Making operation type 46 opaque [module /[Default VFS]/]
1302. Accepting operation type 46 from module /[Default VFS]/
1303. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1304. Checking operation #47 (type 47, layer 0)
1305. Making operation type 47 opaque [module /[Default VFS]/]
1306. Accepting operation type 47 from module /[Default VFS]/
1307. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1308. Checking operation #48 (type 48, layer 0)
1309. Making operation type 48 opaque [module /[Default VFS]/]
1310. Accepting operation type 48 from module /[Default VFS]/
1311. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1312. Checking operation #49 (type 49, layer 0)
1313. Making operation type 49 opaque [module /[Default VFS]/]
1314. Accepting operation type 49 from module /[Default VFS]/
1315. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1316. Checking operation #50 (type 50, layer 0)
1317. Making operation type 50 opaque [module /[Default VFS]/]
1318. Accepting operation type 50 from module /[Default VFS]/
1319. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1320. Checking operation #51 (type 51, layer 0)
1321. Making operation type 51 opaque [module /[Default VFS]/]
1322. Accepting operation type 51 from module /[Default VFS]/
1323. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1324. Checking operation #52 (type 52, layer 0)
1325. Making operation type 52 opaque [module /[Default VFS]/]
1326. Accepting operation type 52 from module /[Default VFS]/
1327. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1328. Checking operation #53 (type 53, layer 0)
1329. Making operation type 53 opaque [module /[Default VFS]/]
1330. Accepting operation type 53 from module /[Default VFS]/
1331. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1332. Checking operation #54 (type 54, layer 0)
1333. Making operation type 54 opaque [module /[Default VFS]/]
1334. Accepting operation type 54 from module /[Default VFS]/
1335. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1336. Checking operation #55 (type 55, layer 0)
1337. Making operation type 55 opaque [module /[Default VFS]/]
1338. Accepting operation type 55 from module /[Default VFS]/
1339. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1340. Checking operation #56 (type 56, layer 0)
1341. Making operation type 56 opaque [module /[Default VFS]/]
1342. Accepting operation type 56 from module /[Default VFS]/
1343. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1344. Checking operation #57 (type 57, layer 0)
1345. Making operation type 57 opaque [module /[Default VFS]/]
1346. Accepting operation type 57 from module /[Default VFS]/
1347. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1348. Checking operation #58 (type 58, layer 0)
1349. Making operation type 58 opaque [module /[Default VFS]/]
1350. Accepting operation type 58 from module /[Default VFS]/
1351. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1352. Checking operation #59 (type 59, layer 0)
1353. Making operation type 59 opaque [module /[Default VFS]/]
1354. Accepting operation type 59 from module /[Default VFS]/
1355. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1356. Checking operation #60 (type 60, layer 0)
1357. Making operation type 60 opaque [module /[Default VFS]/]
1358. Accepting operation type 60 from module /[Default VFS]/
1359. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1360. Checking operation #61 (type 61, layer 0)
1361. Making operation type 61 opaque [module /[Default VFS]/]
1362. Accepting operation type 61 from module /[Default VFS]/
1363. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1364. Checking operation #62 (type 62, layer 0)
1365. Making operation type 62 opaque [module /[Default VFS]/]
1366. Accepting operation type 62 from module /[Default VFS]/
1367. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1368. Checking operation #63 (type 63, layer 0)
1369. Making operation type 63 opaque [module /[Default VFS]/]
1370. Accepting operation type 63 from module /[Default VFS]/
1371. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1372. Checking operation #64 (type 64, layer 0)
1373. Making operation type 64 opaque [module /[Default VFS]/]
1374. Accepting operation type 64 from module /[Default VFS]/
1375. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1376. Checking operation #65 (type 65, layer 0)
1377. Making operation type 65 opaque [module /[Default VFS]/]
1378. Accepting operation type 65 from module /[Default VFS]/
1379. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1380. Checking operation #66 (type 66, layer 0)
1381. Making operation type 66 opaque [module /[Default VFS]/]
1382. Accepting operation type 66 from module /[Default VFS]/
1383. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1384. Checking operation #67 (type 67, layer 0)
1385. Making operation type 67 opaque [module /[Default VFS]/]
1386. Accepting operation type 67 from module /[Default VFS]/
1387. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1388. Checking operation #68 (type 68, layer 0)
1389. Making operation type 68 opaque [module /[Default VFS]/]
1390. Accepting operation type 68 from module /[Default VFS]/
1391. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1392. Checking operation #69 (type 69, layer 0)
1393. Making operation type 69 opaque [module /[Default VFS]/]
1394. Accepting operation type 69 from module /[Default VFS]/
1395. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1396. Checking operation #70 (type 70, layer 0)
1397. Making operation type 70 opaque [module /[Default VFS]/]
1398. Accepting operation type 70 from module /[Default VFS]/
1399. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1400. Checking operation #71 (type 71, layer 0)
1401. Making operation type 71 opaque [module /[Default VFS]/]
1402. Accepting operation type 71 from module /[Default VFS]/
1403. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1404. Checking operation #72 (type 72, layer 0)
1405. Making operation type 72 opaque [module /[Default VFS]/]
1406. Accepting operation type 72 from module /[Default VFS]/
1407. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1408. Checking operation #73 (type 73, layer 0)
1409. Making operation type 73 opaque [module /[Default VFS]/]
1410. Accepting operation type 73 from module /[Default VFS]/
1411. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1412. Checking operation #74 (type 74, layer 0)
1413. Making operation type 74 opaque [module /[Default VFS]/]
1414. Accepting operation type 74 from module /[Default VFS]/
1415. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1416. Checking operation #75 (type 75, layer 0)
1417. Making operation type 75 opaque [module /[Default VFS]/]
1418. Accepting operation type 75 from module /[Default VFS]/
1419. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1420. Checking operation #76 (type 76, layer 0)
1421. Making operation type 76 opaque [module /[Default VFS]/]
1422. Accepting operation type 76 from module /[Default VFS]/
1423. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1424. Checking operation #77 (type 77, layer 0)
1425. Making operation type 77 opaque [module /[Default VFS]/]
1426. Accepting operation type 77 from module /[Default VFS]/
1427. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1428. Checking operation #78 (type 78, layer 0)
1429. Making operation type 78 opaque [module /[Default VFS]/]
1430. Accepting operation type 78 from module /[Default VFS]/
1431. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1432. Checking operation #79 (type 79, layer 0)
1433. Making operation type 79 opaque [module /[Default VFS]/]
1434. Accepting operation type 79 from module /[Default VFS]/
1435. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1436. Checking operation #80 (type 80, layer 0)
1437. Making operation type 80 opaque [module /[Default VFS]/]
1438. Accepting operation type 80 from module /[Default VFS]/
1439. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1440. Checking operation #81 (type 81, layer 0)
1441. Making operation type 81 opaque [module /[Default VFS]/]
1442. Accepting operation type 81 from module /[Default VFS]/
1443. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1444. Checking operation #82 (type 82, layer 0)
1445. Making operation type 82 opaque [module /[Default VFS]/]
1446. Accepting operation type 82 from module /[Default VFS]/
1447. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1448. Checking operation #83 (type 83, layer 0)
1449. Making operation type 83 opaque [module /[Default VFS]/]
1450. Accepting operation type 83 from module /[Default VFS]/
1451. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1452. Checking operation #84 (type 84, layer 0)
1453. Making operation type 84 opaque [module /[Default VFS]/]
1454. Accepting operation type 84 from module /[Default VFS]/
1455. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1456. Checking operation #85 (type 85, layer 0)
1457. Making operation type 85 opaque [module /[Default VFS]/]
1458. Accepting operation type 85 from module /[Default VFS]/
1459. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1460. Checking operation #86 (type 86, layer 0)
1461. Making operation type 86 opaque [module /[Default VFS]/]
1462. Accepting operation type 86 from module /[Default VFS]/
1463. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1464. Checking operation #87 (type 87, layer 0)
1465. Making operation type 87 opaque [module /[Default VFS]/]
1466. Accepting operation type 87 from module /[Default VFS]/
1467. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1468. Checking operation #88 (type 88, layer 0)
1469. Making operation type 88 opaque [module /[Default VFS]/]
1470. Accepting operation type 88 from module /[Default VFS]/
1471. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1472. Checking operation #89 (type 89, layer 0)
1473. Making operation type 89 opaque [module /[Default VFS]/]
1474. Accepting operation type 89 from module /[Default VFS]/
1475. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1476. Checking operation #90 (type 90, layer 0)
1477. Making operation type 90 opaque [module /[Default VFS]/]
1478. Accepting operation type 90 from module /[Default VFS]/
1479. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1480. Checking operation #91 (type 91, layer 0)
1481. Making operation type 91 opaque [module /[Default VFS]/]
1482. Accepting operation type 91 from module /[Default VFS]/
1483. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1484. Checking operation #92 (type 92, layer 0)
1485. Making operation type 92 opaque [module /[Default VFS]/]
1486. Accepting operation type 92 from module /[Default VFS]/
1487. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1488. Checking operation #93 (type 93, layer 0)
1489. Making operation type 93 opaque [module /[Default VFS]/]
1490. Accepting operation type 93 from module /[Default VFS]/
1491. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1492. Checking operation #94 (type 94, layer 0)
1493. Making operation type 94 opaque [module /[Default VFS]/]
1494. Accepting operation type 94 from module /[Default VFS]/
1495. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1496. Checking operation #95 (type 95, layer 0)
1497. Making operation type 95 opaque [module /[Default VFS]/]
1498. Accepting operation type 95 from module /[Default VFS]/
1499. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1500. Checking operation #96 (type 96, layer 0)
1501. Making operation type 96 opaque [module /[Default VFS]/]
1502. Accepting operation type 96 from module /[Default VFS]/
1503. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1504. Checking operation #97 (type 97, layer 0)
1505. Making operation type 97 opaque [module /[Default VFS]/]
1506. Accepting operation type 97 from module /[Default VFS]/
1507. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1508. Checking operation #98 (type 98, layer 0)
1509. Making operation type 98 opaque [module /[Default VFS]/]
1510. Accepting operation type 98 from module /[Default VFS]/
1511. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1512. Checking operation #99 (type 99, layer 0)
1513. Making operation type 99 opaque [module /[Default VFS]/]
1514. Accepting operation type 99 from module /[Default VFS]/
1515. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1516. Checking operation #100 (type 100, layer 0)
1517. Making operation type 100 opaque [module /[Default VFS]/]
1518. Accepting operation type 100 from module /[Default VFS]/
1519. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1520. Checking operation #101 (type 101, layer 0)
1521. Making operation type 101 opaque [module /[Default VFS]/]
1522. Accepting operation type 101 from module /[Default VFS]/
1523. [2010/02/14 20:52:57, 5] smbd/vfs.c:vfs_init_custom(193)
1524. Checking operation #102 (type 102, layer 0)
1525. Making operation type 102 opaque [module /[Default VFS]/]
1526. Accepting operation type 102 from module /[Default VFS]/
1527. [2010/02/14 20:52:57, 5] smbd/connection.c:claim_connection(142)
1528. claiming [IPC$]
1529. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
1530. Locking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1531. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
1532. Allocated locked data 0x0x110de70
1533. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
1534. Unlocking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1535. [2010/02/14 20:52:57, 10] smbd/share_access.c:user_ok_token(231)
1536. user_ok_token: share IPC$ is ok for unix user nobody
1537. [2010/02/14 20:52:57, 10] smbd/share_access.c:is_share_read_only_for_token(273)
1538. is_share_read_only_for_user: share IPC$ is read-only for unix user nobody
1539. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_map_generic(175)
1540. se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
1541. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
1542. se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
1543. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
1544. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
1545. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
1546. se_access_check: also S-1-1-0
1547. se_access_check: also S-1-5-2
1548. se_access_check: also S-1-5-32-546
1549. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1
1550. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
1551. se_access_check: access (1) granted.
1552. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
1553. setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
1554. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(470)
1555. NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
1556. contains 4 SIDs
1557. SID[ 0]: S-1-5-21-2934603361-1946261283-2740193522-501
1558. SID[ 1]: S-1-1-0
1559. SID[ 2]: S-1-5-2
1560. SID[ 3]: S-1-5-32-546
1561. SE_PRIV 0x0 0x0 0x0 0x0
1562. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
1563. UNIX token of user 65534
1564. Primary group is 65534 and contains 0 supplementary groups
1565. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_user(272)
1566. change_to_user uid=(0,65534) gid=(0,65534)
1567. [2010/02/14 20:52:57, 3] smbd/service.c:make_connection_snum(1198)
1568. hds-virtbox1 (::ffff:192.168.1.183) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 21948)
1569. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
1570. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
1571. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
1572. NT user token: (NULL)
1573. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
1574. UNIX token of user 0
1575. Primary group is 0 and contains 0 supplementary groups
1576. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
1577. change_to_root_user: now uid=(0,0) gid=(0,0)
1578. [2010/02/14 20:52:57, 3] smbd/reply.c:reply_tcon_and_X(727)
1579. tconX service=IPC$
1580. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
1581. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
1582. size=56
1583. smb_com=0x75
1584. smb_rcls=0
1585. smb_reh=0
1586. smb_err=0
1587. smb_flg=136
1588. smb_flg2=51201
1589. smb_tid=1
1590. smb_pid=65279
1591. smb_uid=100
1592. smb_mid=192
1593. smt_wct=7
1594. smb_vwv[ 0]= 255 (0xFF)
1595. smb_vwv[ 1]= 0 (0x0)
1596. smb_vwv[ 2]= 1 (0x1)
1597. smb_vwv[ 3]= 511 (0x1FF)
1598. smb_vwv[ 4]= 0 (0x0)
1599. smb_vwv[ 5]= 511 (0x1FF)
1600. smb_vwv[ 6]= 0 (0x0)
1601. smb_bcc=7
1602. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
1603. [000] 49 50 43 00 00 00 00 IPC....
1604. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
1605. run_events: Nothing to do
1606. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
1607. run_events: Nothing to do
1608. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
1609. got smb length of 100
1610. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
1611. got message type 0x0 of len 0x64
1612. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
1613. Transaction 4 of length 104 (0 toread)
1614. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
1615. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
1616. size=100
1617. smb_com=0xa2
1618. smb_rcls=0
1619. smb_reh=0
1620. smb_err=0
1621. smb_flg=24
1622. smb_flg2=51207
1623. smb_tid=1
1624. smb_pid=1332
1625. smb_uid=100
1626. smb_mid=256
1627. smt_wct=24
1628. smb_vwv[ 0]= 255 (0xFF)
1629. smb_vwv[ 1]=57054 (0xDEDE)
1630. smb_vwv[ 2]= 3584 (0xE00)
1631. smb_vwv[ 3]= 5632 (0x1600)
1632. smb_vwv[ 4]= 0 (0x0)
1633. smb_vwv[ 5]= 0 (0x0)
1634. smb_vwv[ 6]= 0 (0x0)
1635. smb_vwv[ 7]=40704 (0x9F00)
1636. smb_vwv[ 8]= 513 (0x201)
1637. smb_vwv[ 9]= 0 (0x0)
1638. smb_vwv[10]= 0 (0x0)
1639. smb_vwv[11]= 0 (0x0)
1640. smb_vwv[12]= 0 (0x0)
1641. smb_vwv[13]= 0 (0x0)
1642. smb_vwv[14]= 0 (0x0)
1643. smb_vwv[15]= 768 (0x300)
1644. smb_vwv[16]= 0 (0x0)
1645. smb_vwv[17]= 256 (0x100)
1646. smb_vwv[18]= 0 (0x0)
1647. smb_vwv[19]=16384 (0x4000)
1648. smb_vwv[20]= 0 (0x0)
1649. smb_vwv[21]= 512 (0x200)
1650. smb_vwv[22]= 0 (0x0)
1651. smb_vwv[23]= 768 (0x300)
1652. smb_bcc=17
1653. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
1654. [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c..
1655. [010] 00 .
1656. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
1657. switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
1658. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
1659. created /tmp/SMBntcreateX.68.req len 104
1660. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
1661. setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
1662. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(470)
1663. NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
1664. contains 4 SIDs
1665. SID[ 0]: S-1-5-21-2934603361-1946261283-2740193522-501
1666. SID[ 1]: S-1-1-0
1667. SID[ 2]: S-1-5-2
1668. SID[ 3]: S-1-5-32-546
1669. SE_PRIV 0x0 0x0 0x0 0x0
1670. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
1671. UNIX token of user 65534
1672. Primary group is 65534 and contains 0 supplementary groups
1673. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_user(272)
1674. change_to_user uid=(0,65534) gid=(0,65534)
1675. [2010/02/14 20:52:57, 4] smbd/vfs.c:vfs_ChDir(733)
1676. vfs_ChDir to /tmp
1677. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
1678. reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc
1679. [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
1680. nt_open_pipe: Opening pipe \lsarpc.
1681. [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
1682. nt_open_pipe: Known pipe lsarpc opening.
1683. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
1684. Open pipe requested lsarpc (pipes_open=0)
1685. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
1686. Create pipe requested lsarpc
1687. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
1688. init_pipe_handles: created handle list for pipe lsarpc
1689. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
1690. init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc
1691. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
1692. Created internal pipe lsarpc (pipes_open=0)
1693. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
1694. Opened pipe lsarpc with handle 7715 (pipes_open=1)
1695. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
1696. open pipes: name lsarpc pnum=7715
1697. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
1698. Locking key 6C73617270632F32313934382F333034383500
1699. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
1700. Allocated locked data 0x0x10ba6a0
1701. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
1702. Unlocking key 6C73617270632F32313934382F333034383500
1703. [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
1704. do_ntcreate_pipe_open: open pipe = \lsarpc
1705. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
1706. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
1707. size=135
1708. smb_com=0xa2
1709. smb_rcls=0
1710. smb_reh=0
1711. smb_err=0
1712. smb_flg=136
1713. smb_flg2=51201
1714. smb_tid=1
1715. smb_pid=1332
1716. smb_uid=100
1717. smb_mid=256
1718. smt_wct=42
1719. smb_vwv[ 0]= 255 (0xFF)
1720. smb_vwv[ 1]= 0 (0x0)
1721. smb_vwv[ 2]= 5376 (0x1500)
1722. smb_vwv[ 3]= 375 (0x177)
1723. smb_vwv[ 4]= 0 (0x0)
1724. smb_vwv[ 5]= 0 (0x0)
1725. smb_vwv[ 6]= 0 (0x0)
1726. smb_vwv[ 7]= 0 (0x0)
1727. smb_vwv[ 8]= 0 (0x0)
1728. smb_vwv[ 9]= 0 (0x0)
1729. smb_vwv[10]= 0 (0x0)
1730. smb_vwv[11]= 0 (0x0)
1731. smb_vwv[12]= 0 (0x0)
1732. smb_vwv[13]= 0 (0x0)
1733. smb_vwv[14]= 0 (0x0)
1734. smb_vwv[15]= 0 (0x0)
1735. smb_vwv[16]= 0 (0x0)
1736. smb_vwv[17]= 0 (0x0)
1737. smb_vwv[18]= 0 (0x0)
1738. smb_vwv[19]= 0 (0x0)
1739. smb_vwv[20]= 0 (0x0)
1740. smb_vwv[21]=32768 (0x8000)
1741. smb_vwv[22]= 0 (0x0)
1742. smb_vwv[23]= 0 (0x0)
1743. smb_vwv[24]= 0 (0x0)
1744. smb_vwv[25]= 0 (0x0)
1745. smb_vwv[26]= 0 (0x0)
1746. smb_vwv[27]= 0 (0x0)
1747. smb_vwv[28]= 0 (0x0)
1748. smb_vwv[29]= 0 (0x0)
1749. smb_vwv[30]= 0 (0x0)
1750. smb_vwv[31]= 512 (0x200)
1751. smb_vwv[32]=65280 (0xFF00)
1752. smb_vwv[33]= 5 (0x5)
1753. smb_vwv[34]= 0 (0x0)
1754. smb_vwv[35]= 0 (0x0)
1755. smb_vwv[36]= 0 (0x0)
1756. smb_vwv[37]= 0 (0x0)
1757. smb_vwv[38]= 0 (0x0)
1758. smb_vwv[39]= 0 (0x0)
1759. smb_vwv[40]= 0 (0x0)
1760. smb_vwv[41]= 0 (0x0)
1761. smb_bcc=0
1762. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
1763. run_events: Nothing to do
1764. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
1765. run_events: Nothing to do
1766. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
1767. got smb length of 136
1768. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
1769. got message type 0x0 of len 0x88
1770. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
1771. Transaction 5 of length 140 (0 toread)
1772. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
1773. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
1774. size=136
1775. smb_com=0x2f
1776. smb_rcls=0
1777. smb_reh=0
1778. smb_err=0
1779. smb_flg=24
1780. smb_flg2=51207
1781. smb_tid=1
1782. smb_pid=65279
1783. smb_uid=100
1784. smb_mid=320
1785. smt_wct=14
1786. smb_vwv[ 0]= 255 (0xFF)
1787. smb_vwv[ 1]=57054 (0xDEDE)
1788. smb_vwv[ 2]=30485 (0x7715)
1789. smb_vwv[ 3]= 0 (0x0)
1790. smb_vwv[ 4]= 0 (0x0)
1791. smb_vwv[ 5]=65535 (0xFFFF)
1792. smb_vwv[ 6]=65535 (0xFFFF)
1793. smb_vwv[ 7]= 8 (0x8)
1794. smb_vwv[ 8]= 72 (0x48)
1795. smb_vwv[ 9]= 0 (0x0)
1796. smb_vwv[10]= 72 (0x48)
1797. smb_vwv[11]= 64 (0x40)
1798. smb_vwv[12]= 0 (0x0)
1799. smb_vwv[13]= 0 (0x0)
1800. smb_bcc=73
1801. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
1802. [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
1803. [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
1804. [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg.
1805. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
1806. [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
1807. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
1808. switch message SMBwriteX (pid 21948) conn 0x10fd8d0
1809. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
1810. created /tmp/SMBwriteX.68.req len 140
1811. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
1812. change_to_user: Skipping user change - already user
1813. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
1814. search for pipe pnum=7715
1815. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
1816. pipe name lsarpc pnum=7715 (pipes_open=1)
1817. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
1818. write_to_pipe: 7715 name: lsarpc open: Yes len: 72
1819. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
1820. [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
1821. [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
1822. [020] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
1823. [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
1824. [040] 2B 10 48 60 02 00 00 00 +.H`....
1825. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
1826. write_to_pipe: data_left = 72
1827. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
1828. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
1829. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
1830. fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
1831. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
1832. write_to_pipe: data_used = 16
1833. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
1834. write_to_pipe: data_left = 56
1835. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
1836. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
1837. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
1838. 000000 smb_io_rpc_hdr
1839. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1840. 0000 major : 05
1841. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1842. 0001 minor : 00
1843. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1844. 0002 pkt_type : 0b
1845. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1846. 0003 flags : 03
1847. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1848. 0004 pack_type0: 10
1849. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1850. 0005 pack_type1: 00
1851. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1852. 0006 pack_type2: 00
1853. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1854. 0007 pack_type3: 00
1855. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1856. 0008 frag_len : 0048
1857. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1858. 000a auth_len : 0000
1859. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1860. 000c call_id : 00000001
1861. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
1862. unmarshall_rpc_header: using little-endian RPC
1863. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
1864. unmarshall_rpc_header: type = 11, flags = 3
1865. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
1866. write_to_pipe: data_used = 0
1867. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
1868. write_to_pipe: data_left = 56
1869. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
1870. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
1871. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
1872. process_complete_pdu: processing packet type 11
1873. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
1874. api_pipe_bind_req: decode request. 1553
1875. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
1876. api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
1877. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
1878. 000000 smb_io_rpc_hdr_rb
1879. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1880. 000000 smb_io_rpc_hdr_bba
1881. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1882. 0000 max_tsize: 10b8
1883. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1884. 0002 max_rsize: 10b8
1885. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1886. 0004 assoc_gid: 00000000
1887. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1888. 0008 num_contexts: 01
1889. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1890. 000c context_id : 0000
1891. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1892. 000e num_transfer_syntaxes: 01
1893. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1894. 00000f smb_io_rpc_iface
1895. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
1896. 000010 smb_io_uuid uuid
1897. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1898. 0010 data : 12345778
1899. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1900. 0014 data : 1234
1901. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1902. 0016 data : abcd
1903. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1904. 0018 data : ef 00
1905. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1906. 001a data : 01 23 45 67 89 ab
1907. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1908. 0020 version: 00000000
1909. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1910. 000024 smb_io_rpc_iface
1911. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
1912. 000024 smb_io_uuid uuid
1913. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1914. 0024 data : 8a885d04
1915. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1916. 0028 data : 1ceb
1917. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1918. 002a data : 11c9
1919. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1920. 002c data : 9f e8
1921. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1922. 002e data : 08 00 2b 10 48 60
1923. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1924. 0034 version: 00000002
1925. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
1926. api_pipe_bind_req: make response. 1608
1927. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
1928. check_bind_req for \PIPE\lsarpc
1929. checking \PIPE\lsarpc
1930. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
1931. 000000 smb_io_rpc_hdr_ba
1932. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1933. 000000 smb_io_rpc_hdr_bba
1934. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1935. 0000 max_tsize: 10b8
1936. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1937. 0002 max_rsize: 10b8
1938. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1939. 0004 assoc_gid: 000053f0
1940. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1941. 000008 smb_io_rpc_addr_str
1942. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1943. 0008 len: 000d
1944. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1945. 000a str: \PIPE\lsarpc.
1946. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1947. 000017 smb_io_rpc_results
1948. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1949. 0018 num_results: 01
1950. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1951. 001c result : 0000
1952. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1953. 001e reason : 0000
1954. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
1955. 000020 smb_io_rpc_iface
1956. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
1957. 000020 smb_io_uuid uuid
1958. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1959. 0020 data : 8a885d04
1960. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1961. 0024 data : 1ceb
1962. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1963. 0026 data : 11c9
1964. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1965. 0028 data : 9f e8
1966. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
1967. 002a data : 08 00 2b 10 48 60
1968. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1969. 0030 version: 00000002
1970. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
1971. 000000 smb_io_rpc_hdr
1972. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1973. 0000 major : 05
1974. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1975. 0001 minor : 00
1976. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1977. 0002 pkt_type : 0c
1978. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1979. 0003 flags : 03
1980. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1981. 0004 pack_type0: 10
1982. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1983. 0005 pack_type1: 00
1984. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1985. 0006 pack_type2: 00
1986. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
1987. 0007 pack_type3: 00
1988. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1989. 0008 frag_len : 0044
1990. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
1991. 000a auth_len : 0000
1992. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
1993. 000c call_id : 00000001
1994. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
1995. write_to_pipe: data_used = 56
1996. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
1997. writeX-IPC pnum=7715 nwritten=72
1998. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
1999. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2000. size=47
2001. smb_com=0x2f
2002. smb_rcls=0
2003. smb_reh=0
2004. smb_err=0
2005. smb_flg=136
2006. smb_flg2=51201
2007. smb_tid=1
2008. smb_pid=65279
2009. smb_uid=100
2010. smb_mid=320
2011. smt_wct=6
2012. smb_vwv[ 0]= 255 (0xFF)
2013. smb_vwv[ 1]= 0 (0x0)
2014. smb_vwv[ 2]= 72 (0x48)
2015. smb_vwv[ 3]= 0 (0x0)
2016. smb_vwv[ 4]= 0 (0x0)
2017. smb_vwv[ 5]= 0 (0x0)
2018. smb_bcc=0
2019. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2020. run_events: Nothing to do
2021. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2022. run_events: Nothing to do
2023. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
2024. got smb length of 59
2025. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
2026. got message type 0x0 of len 0x3b
2027. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
2028. Transaction 6 of length 63 (0 toread)
2029. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2030. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2031. size=59
2032. smb_com=0x2e
2033. smb_rcls=0
2034. smb_reh=0
2035. smb_err=0
2036. smb_flg=24
2037. smb_flg2=51207
2038. smb_tid=1
2039. smb_pid=65279
2040. smb_uid=100
2041. smb_mid=384
2042. smt_wct=12
2043. smb_vwv[ 0]= 255 (0xFF)
2044. smb_vwv[ 1]=57054 (0xDEDE)
2045. smb_vwv[ 2]=30485 (0x7715)
2046. smb_vwv[ 3]= 0 (0x0)
2047. smb_vwv[ 4]= 0 (0x0)
2048. smb_vwv[ 5]= 1024 (0x400)
2049. smb_vwv[ 6]= 1024 (0x400)
2050. smb_vwv[ 7]=65535 (0xFFFF)
2051. smb_vwv[ 8]=65535 (0xFFFF)
2052. smb_vwv[ 9]= 1024 (0x400)
2053. smb_vwv[10]= 0 (0x0)
2054. smb_vwv[11]= 0 (0x0)
2055. smb_bcc=0
2056. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
2057. switch message SMBreadX (pid 21948) conn 0x10fd8d0
2058. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
2059. created /tmp/SMBreadX.68.req len 63
2060. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
2061. change_to_user: Skipping user change - already user
2062. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
2063. search for pipe pnum=7715
2064. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
2065. pipe name lsarpc pnum=7715 (pipes_open=1)
2066. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
2067. read_from_pipe: 7715 name: lsarpc len: 1024
2068. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
2069. read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes.
2070. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
2071. readX-IPC pnum=7715 min=1024 max=1024 nread=68
2072. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2073. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2074. size=127
2075. smb_com=0x2e
2076. smb_rcls=0
2077. smb_reh=0
2078. smb_err=0
2079. smb_flg=136
2080. smb_flg2=51201
2081. smb_tid=1
2082. smb_pid=65279
2083. smb_uid=100
2084. smb_mid=384
2085. smt_wct=12
2086. smb_vwv[ 0]= 255 (0xFF)
2087. smb_vwv[ 1]= 0 (0x0)
2088. smb_vwv[ 2]= 0 (0x0)
2089. smb_vwv[ 3]= 0 (0x0)
2090. smb_vwv[ 4]= 0 (0x0)
2091. smb_vwv[ 5]= 68 (0x44)
2092. smb_vwv[ 6]= 59 (0x3B)
2093. smb_vwv[ 7]= 0 (0x0)
2094. smb_vwv[ 8]= 0 (0x0)
2095. smb_vwv[ 9]= 0 (0x0)
2096. smb_vwv[10]= 0 (0x0)
2097. smb_vwv[11]= 0 (0x0)
2098. smb_bcc=68
2099. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2100. [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D.......
2101. [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
2102. [020] 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 00 lsarpc.. ........
2103. [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
2104. [040] 02 00 00 00 ....
2105. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2106. run_events: Nothing to do
2107. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2108. run_events: Nothing to do
2109. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
2110. got smb length of 176
2111. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
2112. got message type 0x0 of len 0xb0
2113. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
2114. Transaction 7 of length 180 (0 toread)
2115. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2116. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2117. size=176
2118. smb_com=0x25
2119. smb_rcls=0
2120. smb_reh=0
2121. smb_err=0
2122. smb_flg=24
2123. smb_flg2=51207
2124. smb_tid=1
2125. smb_pid=1332
2126. smb_uid=100
2127. smb_mid=448
2128. smt_wct=16
2129. smb_vwv[ 0]= 0 (0x0)
2130. smb_vwv[ 1]= 92 (0x5C)
2131. smb_vwv[ 2]= 0 (0x0)
2132. smb_vwv[ 3]= 1024 (0x400)
2133. smb_vwv[ 4]= 0 (0x0)
2134. smb_vwv[ 5]= 0 (0x0)
2135. smb_vwv[ 6]= 0 (0x0)
2136. smb_vwv[ 7]= 0 (0x0)
2137. smb_vwv[ 8]= 0 (0x0)
2138. smb_vwv[ 9]= 0 (0x0)
2139. smb_vwv[10]= 84 (0x54)
2140. smb_vwv[11]= 92 (0x5C)
2141. smb_vwv[12]= 84 (0x54)
2142. smb_vwv[13]= 2 (0x2)
2143. smb_vwv[14]= 38 (0x26)
2144. smb_vwv[15]=30485 (0x7715)
2145. smb_bcc=109
2146. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2147. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
2148. [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\......
2149. [020] 00 44 00 00 00 00 00 2C 00 00 00 02 00 0C 00 00 .D....., ........
2150. [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 ........ .\.\.H.D
2151. [040] 00 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 .S.-.L.I .N.U.X..
2152. [050] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
2153. [060] 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ .....
2154. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
2155. switch message SMBtrans (pid 21948) conn 0x10fd8d0
2156. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
2157. change_to_user: Skipping user change - already user
2158. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
2159. trans <\PIPE\> data=92 params=0 setup=2
2160. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
2161. calling named_pipe
2162. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
2163. named pipe command on <> name
2164. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
2165. api_fd_reply
2166. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
2167. search for pipe pnum=7715
2168. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
2169. pipe name lsarpc pnum=7715 (pipes_open=1)
2170. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
2171. Got API command 0x26 on pipe "lsarpc" (pnum 7715)
2172. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
2173. api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
2174. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
2175. write_to_pipe: 7715 name: lsarpc open: Yes len: 92
2176. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
2177. [000] 05 00 00 03 10 00 00 00 5C 00 00 00 01 00 00 00 ........ \.......
2178. [010] 44 00 00 00 00 00 2C 00 00 00 02 00 0C 00 00 00 D.....,. ........
2179. [020] 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 00 ........ \.\.H.D.
2180. [030] 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 00 S.-.L.I. N.U.X...
2181. [040] 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
2182. [050] 00 00 00 00 00 00 00 00 00 00 00 02 ........ ....
2183. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2184. write_to_pipe: data_left = 92
2185. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2186. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92
2187. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
2188. fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0
2189. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2190. write_to_pipe: data_used = 16
2191. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2192. write_to_pipe: data_left = 76
2193. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2194. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76
2195. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2196. 000000 smb_io_rpc_hdr
2197. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2198. 0000 major : 05
2199. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2200. 0001 minor : 00
2201. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2202. 0002 pkt_type : 00
2203. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2204. 0003 flags : 03
2205. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2206. 0004 pack_type0: 10
2207. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2208. 0005 pack_type1: 00
2209. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2210. 0006 pack_type2: 00
2211. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2212. 0007 pack_type3: 00
2213. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2214. 0008 frag_len : 005c
2215. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2216. 000a auth_len : 0000
2217. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2218. 000c call_id : 00000001
2219. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
2220. unmarshall_rpc_header: using little-endian RPC
2221. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
2222. unmarshall_rpc_header: type = 0, flags = 3
2223. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2224. write_to_pipe: data_used = 0
2225. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2226. write_to_pipe: data_left = 76
2227. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2228. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76
2229. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
2230. process_complete_pdu: processing packet type 0
2231. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2232. 000000 smb_io_rpc_hdr_req req
2233. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2234. 0000 alloc_hint: 00000044
2235. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2236. 0004 context_id: 0000
2237. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2238. 0006 opnum : 002c
2239. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
2240. free_pipe_context: destroying talloc pool of size 74
2241. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
2242. Requested \PIPE\lsarpc
2243. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
2244. api_rpcTNP: lsarpc op 0x2c - created /tmp/in_lsarpc_44.18.prs
2245. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
2246. api_rpcTNP: rpc command: LSA_OPENPOLICY2
2247. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
2248. api_rpc_cmds[44].fn == 0x4dd620
2249. lsa_OpenPolicy2: struct lsa_OpenPolicy2
2250. in: struct lsa_OpenPolicy2
2251. system_name : *
2252. system_name : '\\HDS-LINUX'
2253. attr : *
2254. attr: struct lsa_ObjectAttribute
2255. len : 0x00000018 (24)
2256. root_dir : NULL
2257. object_name : NULL
2258. attributes : 0x00000000 (0)
2259. sec_desc : NULL
2260. sec_qos : NULL
2261. access_mask : 0x02000000 (33554432)
2262. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
2263. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
2264. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
2265. 0: LSA_POLICY_TRUST_ADMIN
2266. 0: LSA_POLICY_CREATE_ACCOUNT
2267. 0: LSA_POLICY_CREATE_SECRET
2268. 0: LSA_POLICY_CREATE_PRIVILEGE
2269. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
2270. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
2271. 0: LSA_POLICY_AUDIT_LOG_ADMIN
2272. 0: LSA_POLICY_SERVER_ADMIN
2273. 0: LSA_POLICY_LOOKUP_NAMES
2274. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
2275. se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
2276. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
2277. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
2278. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
2279. se_access_check: also S-1-1-0
2280. se_access_check: also S-1-5-2
2281. se_access_check: also S-1-5-32-546
2282. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
2283. Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
2284. [010] BC 55 00 00 .U..
2285. lsa_OpenPolicy2: struct lsa_OpenPolicy2
2286. out: struct lsa_OpenPolicy2
2287. handle : *
2288. handle: struct policy_handle
2289. handle_type : 0x00000000 (0)
2290. uuid : 00000001-0000-0000-784b-a962bc550000
2291. result : NT_STATUS_OK
2292. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
2293. created /tmp/out_lsarpc_44.18.prs
2294. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
2295. api_rpcTNP: called lsarpc successfully
2296. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
2297. free_pipe_context: destroying talloc pool of size 852
2298. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2299. write_to_pipe: data_used = 76
2300. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
2301. read_from_pipe: 7715 name: lsarpc len: 1024
2302. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
2303. read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
2304. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2305. 000000 smb_io_rpc_hdr hdr
2306. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2307. 0000 major : 05
2308. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2309. 0001 minor : 00
2310. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2311. 0002 pkt_type : 02
2312. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2313. 0003 flags : 03
2314. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2315. 0004 pack_type0: 10
2316. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2317. 0005 pack_type1: 00
2318. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2319. 0006 pack_type2: 00
2320. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2321. 0007 pack_type3: 00
2322. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2323. 0008 frag_len : 0030
2324. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2325. 000a auth_len : 0000
2326. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2327. 000c call_id : 00000001
2328. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2329. 000010 smb_io_rpc_hdr_resp resp
2330. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2331. 0010 alloc_hint: 00000018
2332. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2333. 0014 context_id: 0000
2334. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2335. 0016 cancel_ct : 00
2336. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2337. 0017 reserved : 00
2338. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
2339. copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
2340. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2341. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2342. size=104
2343. smb_com=0x25
2344. smb_rcls=0
2345. smb_reh=0
2346. smb_err=0
2347. smb_flg=136
2348. smb_flg2=51201
2349. smb_tid=1
2350. smb_pid=1332
2351. smb_uid=100
2352. smb_mid=448
2353. smt_wct=10
2354. smb_vwv[ 0]= 0 (0x0)
2355. smb_vwv[ 1]= 48 (0x30)
2356. smb_vwv[ 2]= 0 (0x0)
2357. smb_vwv[ 3]= 0 (0x0)
2358. smb_vwv[ 4]= 56 (0x38)
2359. smb_vwv[ 5]= 0 (0x0)
2360. smb_vwv[ 6]= 48 (0x30)
2361. smb_vwv[ 7]= 56 (0x38)
2362. smb_vwv[ 8]= 0 (0x0)
2363. smb_vwv[ 9]= 0 (0x0)
2364. smb_bcc=49
2365. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2366. [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0......
2367. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........
2368. [020] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 00 00 00 .....xK. b.U.....
2369. [030] 00 .
2370. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2371. run_events: Nothing to do
2372. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2373. run_events: Nothing to do
2374. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
2375. got smb length of 130
2376. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
2377. got message type 0x0 of len 0x82
2378. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
2379. Transaction 8 of length 134 (0 toread)
2380. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2381. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2382. size=130
2383. smb_com=0x25
2384. smb_rcls=0
2385. smb_reh=0
2386. smb_err=0
2387. smb_flg=24
2388. smb_flg2=51207
2389. smb_tid=1
2390. smb_pid=1332
2391. smb_uid=100
2392. smb_mid=512
2393. smt_wct=16
2394. smb_vwv[ 0]= 0 (0x0)
2395. smb_vwv[ 1]= 46 (0x2E)
2396. smb_vwv[ 2]= 0 (0x0)
2397. smb_vwv[ 3]= 1024 (0x400)
2398. smb_vwv[ 4]= 0 (0x0)
2399. smb_vwv[ 5]= 0 (0x0)
2400. smb_vwv[ 6]= 0 (0x0)
2401. smb_vwv[ 7]= 0 (0x0)
2402. smb_vwv[ 8]= 0 (0x0)
2403. smb_vwv[ 9]= 0 (0x0)
2404. smb_vwv[10]= 84 (0x54)
2405. smb_vwv[11]= 46 (0x2E)
2406. smb_vwv[12]= 84 (0x54)
2407. smb_vwv[13]= 2 (0x2)
2408. smb_vwv[14]= 38 (0x26)
2409. smb_vwv[15]=30485 (0x7715)
2410. smb_bcc=63
2411. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2412. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
2413. [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........
2414. [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........
2415. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 0C 00 .....xK. b.U....
2416. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
2417. switch message SMBtrans (pid 21948) conn 0x10fd8d0
2418. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
2419. change_to_user: Skipping user change - already user
2420. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
2421. trans <\PIPE\> data=46 params=0 setup=2
2422. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
2423. calling named_pipe
2424. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
2425. named pipe command on <> name
2426. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
2427. api_fd_reply
2428. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
2429. search for pipe pnum=7715
2430. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
2431. pipe name lsarpc pnum=7715 (pipes_open=1)
2432. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
2433. Got API command 0x26 on pipe "lsarpc" (pnum 7715)
2434. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
2435. api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
2436. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
2437. write_to_pipe: 7715 name: lsarpc open: Yes len: 46
2438. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
2439. [000] 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 00 ........ ........
2440. [010] 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 ........ ........
2441. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 0C 00 ....xK.b .U....
2442. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2443. write_to_pipe: data_left = 46
2444. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2445. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46
2446. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
2447. fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0
2448. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2449. write_to_pipe: data_used = 16
2450. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2451. write_to_pipe: data_left = 30
2452. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2453. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30
2454. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2455. 000000 smb_io_rpc_hdr
2456. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2457. 0000 major : 05
2458. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2459. 0001 minor : 00
2460. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2461. 0002 pkt_type : 00
2462. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2463. 0003 flags : 03
2464. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2465. 0004 pack_type0: 10
2466. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2467. 0005 pack_type1: 00
2468. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2469. 0006 pack_type2: 00
2470. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2471. 0007 pack_type3: 00
2472. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2473. 0008 frag_len : 002e
2474. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2475. 000a auth_len : 0000
2476. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2477. 000c call_id : 00000002
2478. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
2479. unmarshall_rpc_header: using little-endian RPC
2480. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
2481. unmarshall_rpc_header: type = 0, flags = 3
2482. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2483. write_to_pipe: data_used = 0
2484. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2485. write_to_pipe: data_left = 30
2486. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2487. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30
2488. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
2489. process_complete_pdu: processing packet type 0
2490. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2491. 000000 smb_io_rpc_hdr_req req
2492. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2493. 0000 alloc_hint: 00000016
2494. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2495. 0004 context_id: 0000
2496. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2497. 0006 opnum : 002e
2498. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
2499. free_pipe_context: destroying talloc pool of size 0
2500. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
2501. Requested \PIPE\lsarpc
2502. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
2503. api_rpcTNP: lsarpc op 0x2e - created /tmp/in_lsarpc_46.18.prs
2504. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
2505. api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
2506. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
2507. api_rpc_cmds[46].fn == 0x4dd198
2508. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
2509. in: struct lsa_QueryInfoPolicy2
2510. handle : *
2511. handle: struct policy_handle
2512. handle_type : 0x00000000 (0)
2513. uuid : 00000001-0000-0000-784b-a962bc550000
2514. level : LSA_POLICY_INFO_DNS (12)
2515. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2339)
2516. api_rpcTNP: rng fault return
2517. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2518. 000000 smb_io_rpc_hdr
2519. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2520. 0000 major : 05
2521. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2522. 0001 minor : 00
2523. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2524. 0002 pkt_type : 03
2525. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2526. 0003 flags : 23
2527. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2528. 0004 pack_type0: 10
2529. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2530. 0005 pack_type1: 00
2531. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2532. 0006 pack_type2: 00
2533. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2534. 0007 pack_type3: 00
2535. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2536. 0008 frag_len : 0020
2537. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2538. 000a auth_len : 0000
2539. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2540. 000c call_id : 00000002
2541. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2542. 000010 smb_io_rpc_hdr_resp resp
2543. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2544. 0010 alloc_hint: 00000000
2545. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2546. 0014 context_id: 0000
2547. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2548. 0016 cancel_ct : 00
2549. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2550. 0017 reserved : 00
2551. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2552. 000018 smb_io_rpc_hdr_fault fault
2553. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807)
2554. 0018 status : DCERPC_FAULT_OP_RNG_ERROR
2555. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2556. 001c reserved: 00000000
2557. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
2558. free_pipe_context: destroying talloc pool of size 0
2559. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2560. write_to_pipe: data_used = 30
2561. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
2562. read_from_pipe: 7715 name: lsarpc len: 1024
2563. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
2564. read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes.
2565. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
2566. copy_trans_params_and_data: params[0..0] data[0..32] (align 0)
2567. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2568. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2569. size=88
2570. smb_com=0x25
2571. smb_rcls=0
2572. smb_reh=0
2573. smb_err=0
2574. smb_flg=136
2575. smb_flg2=51201
2576. smb_tid=1
2577. smb_pid=1332
2578. smb_uid=100
2579. smb_mid=512
2580. smt_wct=10
2581. smb_vwv[ 0]= 0 (0x0)
2582. smb_vwv[ 1]= 32 (0x20)
2583. smb_vwv[ 2]= 0 (0x0)
2584. smb_vwv[ 3]= 0 (0x0)
2585. smb_vwv[ 4]= 56 (0x38)
2586. smb_vwv[ 5]= 0 (0x0)
2587. smb_vwv[ 6]= 32 (0x20)
2588. smb_vwv[ 7]= 56 (0x38)
2589. smb_vwv[ 8]= 0 (0x0)
2590. smb_vwv[ 9]= 0 (0x0)
2591. smb_bcc=33
2592. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2593. [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ......
2594. [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........
2595. [020] 00 .
2596. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2597. run_events: Nothing to do
2598. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2599. run_events: Nothing to do
2600. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
2601. got smb length of 130
2602. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
2603. got message type 0x0 of len 0x82
2604. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
2605. Transaction 9 of length 134 (0 toread)
2606. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2607. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2608. size=130
2609. smb_com=0x25
2610. smb_rcls=0
2611. smb_reh=0
2612. smb_err=0
2613. smb_flg=24
2614. smb_flg2=51207
2615. smb_tid=1
2616. smb_pid=1332
2617. smb_uid=100
2618. smb_mid=576
2619. smt_wct=16
2620. smb_vwv[ 0]= 0 (0x0)
2621. smb_vwv[ 1]= 46 (0x2E)
2622. smb_vwv[ 2]= 0 (0x0)
2623. smb_vwv[ 3]= 1024 (0x400)
2624. smb_vwv[ 4]= 0 (0x0)
2625. smb_vwv[ 5]= 0 (0x0)
2626. smb_vwv[ 6]= 0 (0x0)
2627. smb_vwv[ 7]= 0 (0x0)
2628. smb_vwv[ 8]= 0 (0x0)
2629. smb_vwv[ 9]= 0 (0x0)
2630. smb_vwv[10]= 84 (0x54)
2631. smb_vwv[11]= 46 (0x2E)
2632. smb_vwv[12]= 84 (0x54)
2633. smb_vwv[13]= 2 (0x2)
2634. smb_vwv[14]= 38 (0x26)
2635. smb_vwv[15]=30485 (0x7715)
2636. smb_bcc=63
2637. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2638. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
2639. [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........
2640. [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........
2641. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 03 00 .....xK. b.U....
2642. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
2643. switch message SMBtrans (pid 21948) conn 0x10fd8d0
2644. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
2645. change_to_user: Skipping user change - already user
2646. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
2647. trans <\PIPE\> data=46 params=0 setup=2
2648. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
2649. calling named_pipe
2650. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
2651. named pipe command on <> name
2652. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
2653. api_fd_reply
2654. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
2655. search for pipe pnum=7715
2656. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
2657. pipe name lsarpc pnum=7715 (pipes_open=1)
2658. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
2659. Got API command 0x26 on pipe "lsarpc" (pnum 7715)
2660. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
2661. api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
2662. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
2663. write_to_pipe: 7715 name: lsarpc open: Yes len: 46
2664. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
2665. [000] 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 ........ ........
2666. [010] 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 ........ ........
2667. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 03 00 ....xK.b .U....
2668. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2669. write_to_pipe: data_left = 46
2670. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2671. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46
2672. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
2673. fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0
2674. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2675. write_to_pipe: data_used = 16
2676. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2677. write_to_pipe: data_left = 30
2678. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2679. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30
2680. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2681. 000000 smb_io_rpc_hdr
2682. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2683. 0000 major : 05
2684. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2685. 0001 minor : 00
2686. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2687. 0002 pkt_type : 00
2688. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2689. 0003 flags : 03
2690. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2691. 0004 pack_type0: 10
2692. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2693. 0005 pack_type1: 00
2694. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2695. 0006 pack_type2: 00
2696. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2697. 0007 pack_type3: 00
2698. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2699. 0008 frag_len : 002e
2700. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2701. 000a auth_len : 0000
2702. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2703. 000c call_id : 00000003
2704. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
2705. unmarshall_rpc_header: using little-endian RPC
2706. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
2707. unmarshall_rpc_header: type = 0, flags = 3
2708. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2709. write_to_pipe: data_used = 0
2710. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
2711. write_to_pipe: data_left = 30
2712. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
2713. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30
2714. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
2715. process_complete_pdu: processing packet type 0
2716. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2717. 000000 smb_io_rpc_hdr_req req
2718. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2719. 0000 alloc_hint: 00000016
2720. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2721. 0004 context_id: 0000
2722. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2723. 0006 opnum : 0007
2724. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
2725. free_pipe_context: destroying talloc pool of size 0
2726. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
2727. Requested \PIPE\lsarpc
2728. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
2729. api_rpcTNP: lsarpc op 0x7 - created /tmp/in_lsarpc_7.18.prs
2730. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
2731. api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
2732. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
2733. api_rpc_cmds[7].fn == 0x4e2868
2734. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
2735. in: struct lsa_QueryInfoPolicy
2736. handle : *
2737. handle: struct policy_handle
2738. handle_type : 0x00000000 (0)
2739. uuid : 00000001-0000-0000-784b-a962bc550000
2740. level : LSA_POLICY_INFO_DOMAIN (3)
2741. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
2742. Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
2743. [010] BC 55 00 00 .U..
2744. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
2745. out: struct lsa_QueryInfoPolicy
2746. info : *
2747. info : *
2748. info : union lsa_PolicyInformation(case 3)
2749. domain: struct lsa_DomainInfo
2750. name: struct lsa_StringLarge
2751. length : 0x0000 (0)
2752. size : 0x0000 (0)
2753. string : *
2754. string : 'SEMARKIT'
2755. sid : *
2756. sid : S-1-5-21-2934603361-1946261283-2740193522
2757. result : NT_STATUS_OK
2758. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
2759. created /tmp/out_lsarpc_7.18.prs
2760. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
2761. api_rpcTNP: called lsarpc successfully
2762. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
2763. free_pipe_context: destroying talloc pool of size 140
2764. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
2765. write_to_pipe: data_used = 30
2766. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
2767. read_from_pipe: 7715 name: lsarpc len: 1024
2768. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
2769. read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80.
2770. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2771. 000000 smb_io_rpc_hdr hdr
2772. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2773. 0000 major : 05
2774. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2775. 0001 minor : 00
2776. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2777. 0002 pkt_type : 02
2778. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2779. 0003 flags : 03
2780. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2781. 0004 pack_type0: 10
2782. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2783. 0005 pack_type1: 00
2784. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2785. 0006 pack_type2: 00
2786. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2787. 0007 pack_type3: 00
2788. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2789. 0008 frag_len : 0068
2790. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2791. 000a auth_len : 0000
2792. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2793. 000c call_id : 00000003
2794. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
2795. 000010 smb_io_rpc_hdr_resp resp
2796. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
2797. 0010 alloc_hint: 00000050
2798. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
2799. 0014 context_id: 0000
2800. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2801. 0016 cancel_ct : 00
2802. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
2803. 0017 reserved : 00
2804. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
2805. copy_trans_params_and_data: params[0..0] data[0..104] (align 0)
2806. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2807. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2808. size=160
2809. smb_com=0x25
2810. smb_rcls=0
2811. smb_reh=0
2812. smb_err=0
2813. smb_flg=136
2814. smb_flg2=51201
2815. smb_tid=1
2816. smb_pid=1332
2817. smb_uid=100
2818. smb_mid=576
2819. smt_wct=10
2820. smb_vwv[ 0]= 0 (0x0)
2821. smb_vwv[ 1]= 104 (0x68)
2822. smb_vwv[ 2]= 0 (0x0)
2823. smb_vwv[ 3]= 0 (0x0)
2824. smb_vwv[ 4]= 56 (0x38)
2825. smb_vwv[ 5]= 0 (0x0)
2826. smb_vwv[ 6]= 104 (0x68)
2827. smb_vwv[ 7]= 56 (0x38)
2828. smb_vwv[ 8]= 0 (0x0)
2829. smb_vwv[ 9]= 0 (0x0)
2830. smb_bcc=105
2831. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2832. [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h......
2833. [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .P...... ........
2834. [020] 00 10 00 12 00 04 00 02 00 08 00 02 00 09 00 00 ........ ........
2835. [030] 00 00 00 00 00 08 00 00 00 53 00 45 00 4D 00 41 ........ .S.E.M.A
2836. [040] 00 52 00 4B 00 49 00 54 00 04 00 00 00 01 04 00 .R.K.I.T ........
2837. [050] 00 00 00 00 05 15 00 00 00 61 7E EA AE 23 97 01 ........ .a~..#..
2838. [060] 74 F2 08 54 A3 00 00 00 00 t..T.... .
2839. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2840. run_events: Nothing to do
2841. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2842. run_events: Nothing to do
2843. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
2844. got smb length of 100
2845. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
2846. got message type 0x0 of len 0x64
2847. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
2848. Transaction 10 of length 104 (0 toread)
2849. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2850. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2851. size=100
2852. smb_com=0xa2
2853. smb_rcls=0
2854. smb_reh=0
2855. smb_err=0
2856. smb_flg=24
2857. smb_flg2=51207
2858. smb_tid=1
2859. smb_pid=1332
2860. smb_uid=100
2861. smb_mid=640
2862. smt_wct=24
2863. smb_vwv[ 0]= 255 (0xFF)
2864. smb_vwv[ 1]=57054 (0xDEDE)
2865. smb_vwv[ 2]= 3584 (0xE00)
2866. smb_vwv[ 3]= 5632 (0x1600)
2867. smb_vwv[ 4]= 0 (0x0)
2868. smb_vwv[ 5]= 0 (0x0)
2869. smb_vwv[ 6]= 0 (0x0)
2870. smb_vwv[ 7]=40704 (0x9F00)
2871. smb_vwv[ 8]= 513 (0x201)
2872. smb_vwv[ 9]= 0 (0x0)
2873. smb_vwv[10]= 0 (0x0)
2874. smb_vwv[11]= 0 (0x0)
2875. smb_vwv[12]= 0 (0x0)
2876. smb_vwv[13]= 0 (0x0)
2877. smb_vwv[14]= 0 (0x0)
2878. smb_vwv[15]= 768 (0x300)
2879. smb_vwv[16]= 0 (0x0)
2880. smb_vwv[17]= 256 (0x100)
2881. smb_vwv[18]= 0 (0x0)
2882. smb_vwv[19]=16384 (0x4000)
2883. smb_vwv[20]= 0 (0x0)
2884. smb_vwv[21]= 512 (0x200)
2885. smb_vwv[22]= 0 (0x0)
2886. smb_vwv[23]= 768 (0x300)
2887. smb_bcc=17
2888. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
2889. [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g..
2890. [010] 00 .
2891. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
2892. switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
2893. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
2894. created /tmp/SMBntcreateX.69.req len 104
2895. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
2896. change_to_user: Skipping user change - already user
2897. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
2898. reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = winreg
2899. [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
2900. nt_open_pipe: Opening pipe \winreg.
2901. [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
2902. nt_open_pipe: Known pipe winreg opening.
2903. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
2904. Open pipe requested winreg (pipes_open=1)
2905. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
2906. open_rpc_pipe_p: name lsarpc pnum=7715
2907. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
2908. Create pipe requested winreg
2909. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
2910. init_pipe_handles: created handle list for pipe winreg
2911. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
2912. init_pipe_handles: pipe_handles ref count = 1 for pipe winreg
2913. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
2914. Created internal pipe winreg (pipes_open=1)
2915. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
2916. Opened pipe winreg with handle 7716 (pipes_open=2)
2917. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
2918. open pipes: name winreg pnum=7716
2919. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
2920. open pipes: name lsarpc pnum=7715
2921. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
2922. Locking key 77696E7265672F32313934382F333034383600
2923. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
2924. Allocated locked data 0x0x1109230
2925. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
2926. Unlocking key 77696E7265672F32313934382F333034383600
2927. [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
2928. do_ntcreate_pipe_open: open pipe = \winreg
2929. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2930. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2931. size=135
2932. smb_com=0xa2
2933. smb_rcls=0
2934. smb_reh=0
2935. smb_err=0
2936. smb_flg=136
2937. smb_flg2=51201
2938. smb_tid=1
2939. smb_pid=1332
2940. smb_uid=100
2941. smb_mid=640
2942. smt_wct=42
2943. smb_vwv[ 0]= 255 (0xFF)
2944. smb_vwv[ 1]= 0 (0x0)
2945. smb_vwv[ 2]= 5632 (0x1600)
2946. smb_vwv[ 3]= 375 (0x177)
2947. smb_vwv[ 4]= 0 (0x0)
2948. smb_vwv[ 5]= 0 (0x0)
2949. smb_vwv[ 6]= 0 (0x0)
2950. smb_vwv[ 7]= 0 (0x0)
2951. smb_vwv[ 8]= 0 (0x0)
2952. smb_vwv[ 9]= 0 (0x0)
2953. smb_vwv[10]= 0 (0x0)
2954. smb_vwv[11]= 0 (0x0)
2955. smb_vwv[12]= 0 (0x0)
2956. smb_vwv[13]= 0 (0x0)
2957. smb_vwv[14]= 0 (0x0)
2958. smb_vwv[15]= 0 (0x0)
2959. smb_vwv[16]= 0 (0x0)
2960. smb_vwv[17]= 0 (0x0)
2961. smb_vwv[18]= 0 (0x0)
2962. smb_vwv[19]= 0 (0x0)
2963. smb_vwv[20]= 0 (0x0)
2964. smb_vwv[21]=32768 (0x8000)
2965. smb_vwv[22]= 0 (0x0)
2966. smb_vwv[23]= 0 (0x0)
2967. smb_vwv[24]= 0 (0x0)
2968. smb_vwv[25]= 0 (0x0)
2969. smb_vwv[26]= 0 (0x0)
2970. smb_vwv[27]= 0 (0x0)
2971. smb_vwv[28]= 0 (0x0)
2972. smb_vwv[29]= 0 (0x0)
2973. smb_vwv[30]= 0 (0x0)
2974. smb_vwv[31]= 512 (0x200)
2975. smb_vwv[32]=65280 (0xFF00)
2976. smb_vwv[33]= 5 (0x5)
2977. smb_vwv[34]= 0 (0x0)
2978. smb_vwv[35]= 0 (0x0)
2979. smb_vwv[36]= 0 (0x0)
2980. smb_vwv[37]= 0 (0x0)
2981. smb_vwv[38]= 0 (0x0)
2982. smb_vwv[39]= 0 (0x0)
2983. smb_vwv[40]= 0 (0x0)
2984. smb_vwv[41]= 0 (0x0)
2985. smb_bcc=0
2986. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2987. run_events: Nothing to do
2988. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
2989. run_events: Nothing to do
2990. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
2991. got smb length of 136
2992. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
2993. got message type 0x0 of len 0x88
2994. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
2995. Transaction 11 of length 140 (0 toread)
2996. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
2997. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
2998. size=136
2999. smb_com=0x2f
3000. smb_rcls=0
3001. smb_reh=0
3002. smb_err=0
3003. smb_flg=24
3004. smb_flg2=51207
3005. smb_tid=1
3006. smb_pid=65279
3007. smb_uid=100
3008. smb_mid=704
3009. smt_wct=14
3010. smb_vwv[ 0]= 255 (0xFF)
3011. smb_vwv[ 1]=57054 (0xDEDE)
3012. smb_vwv[ 2]=30486 (0x7716)
3013. smb_vwv[ 3]= 0 (0x0)
3014. smb_vwv[ 4]= 0 (0x0)
3015. smb_vwv[ 5]=65535 (0xFFFF)
3016. smb_vwv[ 6]=65535 (0xFFFF)
3017. smb_vwv[ 7]= 8 (0x8)
3018. smb_vwv[ 8]= 72 (0x48)
3019. smb_vwv[ 9]= 0 (0x0)
3020. smb_vwv[10]= 72 (0x48)
3021. smb_vwv[11]= 64 (0x40)
3022. smb_vwv[12]= 0 (0x0)
3023. smb_vwv[13]= 0 (0x0)
3024. smb_bcc=73
3025. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
3026. [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
3027. [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
3028. [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8..
3029. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
3030. [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
3031. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
3032. switch message SMBwriteX (pid 21948) conn 0x10fd8d0
3033. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
3034. created /tmp/SMBwriteX.69.req len 140
3035. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
3036. change_to_user: Skipping user change - already user
3037. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
3038. search for pipe pnum=7716
3039. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3040. pipe name winreg pnum=7716 (pipes_open=2)
3041. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3042. pipe name lsarpc pnum=7715 (pipes_open=2)
3043. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
3044. write_to_pipe: 7716 name: winreg open: Yes len: 72
3045. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
3046. [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
3047. [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
3048. [020] 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 03 ...3D".1 ....8...
3049. [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
3050. [040] 2B 10 48 60 02 00 00 00 +.H`....
3051. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3052. write_to_pipe: data_left = 72
3053. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3054. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
3055. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
3056. fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
3057. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3058. write_to_pipe: data_used = 16
3059. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3060. write_to_pipe: data_left = 56
3061. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3062. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
3063. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3064. 000000 smb_io_rpc_hdr
3065. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3066. 0000 major : 05
3067. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3068. 0001 minor : 00
3069. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3070. 0002 pkt_type : 0b
3071. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3072. 0003 flags : 03
3073. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3074. 0004 pack_type0: 10
3075. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3076. 0005 pack_type1: 00
3077. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3078. 0006 pack_type2: 00
3079. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3080. 0007 pack_type3: 00
3081. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3082. 0008 frag_len : 0048
3083. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3084. 000a auth_len : 0000
3085. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3086. 000c call_id : 00000001
3087. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
3088. unmarshall_rpc_header: using little-endian RPC
3089. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
3090. unmarshall_rpc_header: type = 11, flags = 3
3091. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3092. write_to_pipe: data_used = 0
3093. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3094. write_to_pipe: data_left = 56
3095. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3096. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
3097. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
3098. process_complete_pdu: processing packet type 11
3099. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
3100. api_pipe_bind_req: decode request. 1553
3101. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
3102. api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
3103. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3104. 000000 smb_io_rpc_hdr_rb
3105. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3106. 000000 smb_io_rpc_hdr_bba
3107. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3108. 0000 max_tsize: 10b8
3109. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3110. 0002 max_rsize: 10b8
3111. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3112. 0004 assoc_gid: 00000000
3113. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3114. 0008 num_contexts: 01
3115. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3116. 000c context_id : 0000
3117. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3118. 000e num_transfer_syntaxes: 01
3119. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3120. 00000f smb_io_rpc_iface
3121. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
3122. 000010 smb_io_uuid uuid
3123. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3124. 0010 data : 338cd001
3125. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3126. 0014 data : 2244
3127. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3128. 0016 data : 31f1
3129. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3130. 0018 data : aa aa
3131. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3132. 001a data : 90 00 38 00 10 03
3133. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3134. 0020 version: 00000001
3135. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3136. 000024 smb_io_rpc_iface
3137. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
3138. 000024 smb_io_uuid uuid
3139. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3140. 0024 data : 8a885d04
3141. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3142. 0028 data : 1ceb
3143. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3144. 002a data : 11c9
3145. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3146. 002c data : 9f e8
3147. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3148. 002e data : 08 00 2b 10 48 60
3149. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3150. 0034 version: 00000002
3151. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
3152. api_pipe_bind_req: make response. 1608
3153. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
3154. check_bind_req for \PIPE\winreg
3155. checking \PIPE\lsarpc
3156. checking \PIPE\lsarpc
3157. checking \PIPE\samr
3158. checking \PIPE\NETLOGON
3159. checking \PIPE\srvsvc
3160. checking \PIPE\wkssvc
3161. checking \PIPE\winreg
3162. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3163. 000000 smb_io_rpc_hdr_ba
3164. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3165. 000000 smb_io_rpc_hdr_bba
3166. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3167. 0000 max_tsize: 10b8
3168. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3169. 0002 max_rsize: 10b8
3170. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3171. 0004 assoc_gid: 000053f0
3172. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3173. 000008 smb_io_rpc_addr_str
3174. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3175. 0008 len: 000d
3176. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3177. 000a str: \PIPE\winreg.
3178. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3179. 000017 smb_io_rpc_results
3180. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3181. 0018 num_results: 01
3182. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3183. 001c result : 0000
3184. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3185. 001e reason : 0000
3186. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
3187. 000020 smb_io_rpc_iface
3188. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
3189. 000020 smb_io_uuid uuid
3190. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3191. 0020 data : 8a885d04
3192. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3193. 0024 data : 1ceb
3194. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3195. 0026 data : 11c9
3196. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3197. 0028 data : 9f e8
3198. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
3199. 002a data : 08 00 2b 10 48 60
3200. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3201. 0030 version: 00000002
3202. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3203. 000000 smb_io_rpc_hdr
3204. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3205. 0000 major : 05
3206. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3207. 0001 minor : 00
3208. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3209. 0002 pkt_type : 0c
3210. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3211. 0003 flags : 03
3212. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3213. 0004 pack_type0: 10
3214. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3215. 0005 pack_type1: 00
3216. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3217. 0006 pack_type2: 00
3218. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3219. 0007 pack_type3: 00
3220. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3221. 0008 frag_len : 0044
3222. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3223. 000a auth_len : 0000
3224. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3225. 000c call_id : 00000001
3226. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3227. write_to_pipe: data_used = 56
3228. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
3229. writeX-IPC pnum=7716 nwritten=72
3230. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
3231. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
3232. size=47
3233. smb_com=0x2f
3234. smb_rcls=0
3235. smb_reh=0
3236. smb_err=0
3237. smb_flg=136
3238. smb_flg2=51201
3239. smb_tid=1
3240. smb_pid=65279
3241. smb_uid=100
3242. smb_mid=704
3243. smt_wct=6
3244. smb_vwv[ 0]= 255 (0xFF)
3245. smb_vwv[ 1]= 0 (0x0)
3246. smb_vwv[ 2]= 72 (0x48)
3247. smb_vwv[ 3]= 0 (0x0)
3248. smb_vwv[ 4]= 0 (0x0)
3249. smb_vwv[ 5]= 0 (0x0)
3250. smb_bcc=0
3251. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
3252. run_events: Nothing to do
3253. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
3254. run_events: Nothing to do
3255. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
3256. got smb length of 59
3257. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
3258. got message type 0x0 of len 0x3b
3259. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
3260. Transaction 12 of length 63 (0 toread)
3261. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
3262. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
3263. size=59
3264. smb_com=0x2e
3265. smb_rcls=0
3266. smb_reh=0
3267. smb_err=0
3268. smb_flg=24
3269. smb_flg2=51207
3270. smb_tid=1
3271. smb_pid=65279
3272. smb_uid=100
3273. smb_mid=768
3274. smt_wct=12
3275. smb_vwv[ 0]= 255 (0xFF)
3276. smb_vwv[ 1]=57054 (0xDEDE)
3277. smb_vwv[ 2]=30486 (0x7716)
3278. smb_vwv[ 3]= 0 (0x0)
3279. smb_vwv[ 4]= 0 (0x0)
3280. smb_vwv[ 5]= 1024 (0x400)
3281. smb_vwv[ 6]= 1024 (0x400)
3282. smb_vwv[ 7]=65535 (0xFFFF)
3283. smb_vwv[ 8]=65535 (0xFFFF)
3284. smb_vwv[ 9]= 1024 (0x400)
3285. smb_vwv[10]= 0 (0x0)
3286. smb_vwv[11]= 0 (0x0)
3287. smb_bcc=0
3288. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
3289. switch message SMBreadX (pid 21948) conn 0x10fd8d0
3290. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
3291. created /tmp/SMBreadX.69.req len 63
3292. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
3293. change_to_user: Skipping user change - already user
3294. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
3295. search for pipe pnum=7716
3296. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3297. pipe name winreg pnum=7716 (pipes_open=2)
3298. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3299. pipe name lsarpc pnum=7715 (pipes_open=2)
3300. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
3301. read_from_pipe: 7716 name: winreg len: 1024
3302. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
3303. read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes.
3304. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
3305. readX-IPC pnum=7716 min=1024 max=1024 nread=68
3306. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
3307. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
3308. size=127
3309. smb_com=0x2e
3310. smb_rcls=0
3311. smb_reh=0
3312. smb_err=0
3313. smb_flg=136
3314. smb_flg2=51201
3315. smb_tid=1
3316. smb_pid=65279
3317. smb_uid=100
3318. smb_mid=768
3319. smt_wct=12
3320. smb_vwv[ 0]= 255 (0xFF)
3321. smb_vwv[ 1]= 0 (0x0)
3322. smb_vwv[ 2]= 0 (0x0)
3323. smb_vwv[ 3]= 0 (0x0)
3324. smb_vwv[ 4]= 0 (0x0)
3325. smb_vwv[ 5]= 68 (0x44)
3326. smb_vwv[ 6]= 59 (0x3B)
3327. smb_vwv[ 7]= 0 (0x0)
3328. smb_vwv[ 8]= 0 (0x0)
3329. smb_vwv[ 9]= 0 (0x0)
3330. smb_vwv[10]= 0 (0x0)
3331. smb_vwv[11]= 0 (0x0)
3332. smb_bcc=68
3333. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
3334. [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D.......
3335. [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
3336. [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........
3337. [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
3338. [040] 02 00 00 00 ....
3339. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
3340. run_events: Nothing to do
3341. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
3342. run_events: Nothing to do
3343. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
3344. got smb length of 120
3345. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
3346. got message type 0x0 of len 0x78
3347. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
3348. Transaction 13 of length 124 (0 toread)
3349. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
3350. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
3351. size=120
3352. smb_com=0x25
3353. smb_rcls=0
3354. smb_reh=0
3355. smb_err=0
3356. smb_flg=24
3357. smb_flg2=51207
3358. smb_tid=1
3359. smb_pid=1332
3360. smb_uid=100
3361. smb_mid=832
3362. smt_wct=16
3363. smb_vwv[ 0]= 0 (0x0)
3364. smb_vwv[ 1]= 36 (0x24)
3365. smb_vwv[ 2]= 0 (0x0)
3366. smb_vwv[ 3]= 1024 (0x400)
3367. smb_vwv[ 4]= 0 (0x0)
3368. smb_vwv[ 5]= 0 (0x0)
3369. smb_vwv[ 6]= 0 (0x0)
3370. smb_vwv[ 7]= 0 (0x0)
3371. smb_vwv[ 8]= 0 (0x0)
3372. smb_vwv[ 9]= 0 (0x0)
3373. smb_vwv[10]= 84 (0x54)
3374. smb_vwv[11]= 36 (0x24)
3375. smb_vwv[12]= 84 (0x54)
3376. smb_vwv[13]= 2 (0x2)
3377. smb_vwv[14]= 38 (0x26)
3378. smb_vwv[15]=30486 (0x7716)
3379. smb_bcc=53
3380. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
3381. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
3382. [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$......
3383. [020] 00 0C 00 00 00 00 00 02 00 00 00 02 00 30 C9 01 ........ .....0..
3384. [030] 00 00 00 00 02 .....
3385. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
3386. switch message SMBtrans (pid 21948) conn 0x10fd8d0
3387. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
3388. change_to_user: Skipping user change - already user
3389. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
3390. trans <\PIPE\> data=36 params=0 setup=2
3391. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
3392. calling named_pipe
3393. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
3394. named pipe command on <> name
3395. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
3396. api_fd_reply
3397. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
3398. search for pipe pnum=7716
3399. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3400. pipe name winreg pnum=7716 (pipes_open=2)
3401. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3402. pipe name lsarpc pnum=7715 (pipes_open=2)
3403. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
3404. Got API command 0x26 on pipe "winreg" (pnum 7716)
3405. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
3406. api_fd_reply: p:0x11090b0 max_trans_reply: 1024
3407. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
3408. write_to_pipe: 7716 name: winreg open: Yes len: 36
3409. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
3410. [000] 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 00 ........ $.......
3411. [010] 0C 00 00 00 00 00 02 00 00 00 02 00 30 C9 01 00 ........ ....0...
3412. [020] 00 00 00 02 ....
3413. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3414. write_to_pipe: data_left = 36
3415. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3416. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36
3417. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
3418. fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0
3419. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3420. write_to_pipe: data_used = 16
3421. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3422. write_to_pipe: data_left = 20
3423. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3424. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20
3425. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3426. 000000 smb_io_rpc_hdr
3427. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3428. 0000 major : 05
3429. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3430. 0001 minor : 00
3431. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3432. 0002 pkt_type : 00
3433. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3434. 0003 flags : 03
3435. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3436. 0004 pack_type0: 10
3437. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3438. 0005 pack_type1: 00
3439. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3440. 0006 pack_type2: 00
3441. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3442. 0007 pack_type3: 00
3443. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3444. 0008 frag_len : 0024
3445. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3446. 000a auth_len : 0000
3447. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3448. 000c call_id : 00000001
3449. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
3450. unmarshall_rpc_header: using little-endian RPC
3451. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
3452. unmarshall_rpc_header: type = 0, flags = 3
3453. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3454. write_to_pipe: data_used = 0
3455. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3456. write_to_pipe: data_left = 20
3457. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3458. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20
3459. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
3460. process_complete_pdu: processing packet type 0
3461. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3462. 000000 smb_io_rpc_hdr_req req
3463. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3464. 0000 alloc_hint: 0000000c
3465. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3466. 0004 context_id: 0000
3467. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3468. 0006 opnum : 0002
3469. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
3470. free_pipe_context: destroying talloc pool of size 74
3471. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
3472. Requested \PIPE\winreg
3473. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
3474. api_rpcTNP: winreg op 0x2 - created /tmp/in_winreg_2.18.prs
3475. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
3476. api_rpcTNP: rpc command: WINREG_OPENHKLM
3477. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
3478. api_rpc_cmds[2].fn == 0x4e8140
3479. winreg_OpenHKLM: struct winreg_OpenHKLM
3480. in: struct winreg_OpenHKLM
3481. system_name : *
3482. system_name : 0xc930 (51504)
3483. access_mask : 0x02000000 (33554432)
3484. 0: KEY_QUERY_VALUE
3485. 0: KEY_SET_VALUE
3486. 0: KEY_CREATE_SUB_KEY
3487. 0: KEY_ENUMERATE_SUB_KEYS
3488. 0: KEY_NOTIFY
3489. 0: KEY_CREATE_LINK
3490. 0: KEY_WOW64_64KEY
3491. 0: KEY_WOW64_32KEY
3492. [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
3493. regkey_open_onelevel: name = [HKLM]
3494. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
3495. push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
3496. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
3497. push_conn_ctx(100) : conn_ctx_stack_ndx = 0
3498. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
3499. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
3500. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
3501. NT user token: (NULL)
3502. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
3503. UNIX token of user 0
3504. Primary group is 0 and contains 0 supplementary groups
3505. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
3506. pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
3507. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(409)
3508. regdb_open: refcount reset (1)
3509. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
3510. reghook_cache_find: Searching for keyname [/HKLM]
3511. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
3512. pathtree_find: Enter [/HKLM]
3513. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3514. pathtree_find: [loop] base => [HKLM], new_path => []
3515. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3516. pathtree_find_child: child key => [HKLM]
3517. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3518. pathtree_find_child: child key => [HKPT]
3519. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3520. pathtree_find_child: Found [HKLM]
3521. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
3522. pathtree_find: Found data_p!
3523. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
3524. pathtree_find: Exit
3525. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
3526. reghook_cache_find: found ops 0xb89e00 for key [/HKLM]
3527. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
3528. regdb_fetch_keys: Enter key => [HKLM]
3529. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3530. tdb_unpack(d, 20) -> 4
3531. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3532. tdb_unpack(f, 16) -> 9
3533. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3534. tdb_unpack(f, 7) -> 7
3535. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
3536. regdb_fetch_keys: Exit [2] items
3537. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
3538. regdb_get_secdesc: Getting secdesc of key [HKLM]
3539. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
3540. se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
3541. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
3542. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
3543. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
3544. se_access_check: also S-1-1-0
3545. se_access_check: also S-1-5-2
3546. se_access_check: also S-1-5-32-546
3547. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
3548. Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
3549. [010] BC 55 00 00 .U..
3550. winreg_OpenHKLM: struct winreg_OpenHKLM
3551. out: struct winreg_OpenHKLM
3552. handle : *
3553. handle: struct policy_handle
3554. handle_type : 0x00000000 (0)
3555. uuid : 00000002-0000-0000-784b-a962bc550000
3556. result : WERR_OK
3557. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
3558. created /tmp/out_winreg_2.18.prs
3559. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
3560. api_rpcTNP: called winreg successfully
3561. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
3562. free_pipe_context: destroying talloc pool of size 0
3563. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3564. write_to_pipe: data_used = 20
3565. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
3566. read_from_pipe: 7716 name: winreg len: 1024
3567. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
3568. read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
3569. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3570. 000000 smb_io_rpc_hdr hdr
3571. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3572. 0000 major : 05
3573. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3574. 0001 minor : 00
3575. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3576. 0002 pkt_type : 02
3577. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3578. 0003 flags : 03
3579. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3580. 0004 pack_type0: 10
3581. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3582. 0005 pack_type1: 00
3583. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3584. 0006 pack_type2: 00
3585. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3586. 0007 pack_type3: 00
3587. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3588. 0008 frag_len : 0030
3589. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3590. 000a auth_len : 0000
3591. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3592. 000c call_id : 00000001
3593. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3594. 000010 smb_io_rpc_hdr_resp resp
3595. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3596. 0010 alloc_hint: 00000018
3597. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3598. 0014 context_id: 0000
3599. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3600. 0016 cancel_ct : 00
3601. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3602. 0017 reserved : 00
3603. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
3604. copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
3605. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
3606. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
3607. size=104
3608. smb_com=0x25
3609. smb_rcls=0
3610. smb_reh=0
3611. smb_err=0
3612. smb_flg=136
3613. smb_flg2=51201
3614. smb_tid=1
3615. smb_pid=1332
3616. smb_uid=100
3617. smb_mid=832
3618. smt_wct=10
3619. smb_vwv[ 0]= 0 (0x0)
3620. smb_vwv[ 1]= 48 (0x30)
3621. smb_vwv[ 2]= 0 (0x0)
3622. smb_vwv[ 3]= 0 (0x0)
3623. smb_vwv[ 4]= 56 (0x38)
3624. smb_vwv[ 5]= 0 (0x0)
3625. smb_vwv[ 6]= 48 (0x30)
3626. smb_vwv[ 7]= 56 (0x38)
3627. smb_vwv[ 8]= 0 (0x0)
3628. smb_vwv[ 9]= 0 (0x0)
3629. smb_bcc=49
3630. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
3631. [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0......
3632. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........
3633. [020] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 00 00 00 .....xK. b.U.....
3634. [030] 00 .
3635. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
3636. run_events: Nothing to do
3637. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
3638. run_events: Nothing to do
3639. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
3640. got smb length of 268
3641. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
3642. got message type 0x0 of len 0x10c
3643. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
3644. Transaction 14 of length 272 (0 toread)
3645. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
3646. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
3647. size=268
3648. smb_com=0x25
3649. smb_rcls=0
3650. smb_reh=0
3651. smb_err=0
3652. smb_flg=24
3653. smb_flg2=51207
3654. smb_tid=1
3655. smb_pid=1332
3656. smb_uid=100
3657. smb_mid=896
3658. smt_wct=16
3659. smb_vwv[ 0]= 0 (0x0)
3660. smb_vwv[ 1]= 184 (0xB8)
3661. smb_vwv[ 2]= 0 (0x0)
3662. smb_vwv[ 3]= 1024 (0x400)
3663. smb_vwv[ 4]= 0 (0x0)
3664. smb_vwv[ 5]= 0 (0x0)
3665. smb_vwv[ 6]= 0 (0x0)
3666. smb_vwv[ 7]= 0 (0x0)
3667. smb_vwv[ 8]= 0 (0x0)
3668. smb_vwv[ 9]= 0 (0x0)
3669. smb_vwv[10]= 84 (0x54)
3670. smb_vwv[11]= 184 (0xB8)
3671. smb_vwv[12]= 84 (0x54)
3672. smb_vwv[13]= 2 (0x2)
3673. smb_vwv[14]= 38 (0x26)
3674. smb_vwv[15]=30486 (0x7716)
3675. smb_bcc=201
3676. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
3677. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
3678. [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........
3679. [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........
3680. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 6E 00 6E .....xK. b.U..n.n
3681. [040] 00 00 00 02 00 37 00 00 00 00 00 00 00 37 00 00 .....7.. .....7..
3682. [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C
3683. [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o
3684. [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t
3685. [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e
3686. [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g
3687. [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m
3688. [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 .e.t.e.r .s.\....
3689. [0C0] 00 00 00 00 00 19 00 02 00 ........ .
3690. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
3691. switch message SMBtrans (pid 21948) conn 0x10fd8d0
3692. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
3693. change_to_user: Skipping user change - already user
3694. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
3695. trans <\PIPE\> data=184 params=0 setup=2
3696. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
3697. calling named_pipe
3698. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
3699. named pipe command on <> name
3700. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
3701. api_fd_reply
3702. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
3703. search for pipe pnum=7716
3704. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3705. pipe name winreg pnum=7716 (pipes_open=2)
3706. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
3707. pipe name lsarpc pnum=7715 (pipes_open=2)
3708. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
3709. Got API command 0x26 on pipe "winreg" (pnum 7716)
3710. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
3711. api_fd_reply: p:0x11090b0 max_trans_reply: 1024
3712. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
3713. write_to_pipe: 7716 name: winreg open: Yes len: 184
3714. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
3715. [000] 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 00 ........ ........
3716. [010] A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 00 ........ ........
3717. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 6E 00 6E 00 ....xK.b .U..n.n.
3718. [030] 00 00 02 00 37 00 00 00 00 00 00 00 37 00 00 00 ....7... ....7...
3719. [040] 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 00 S.y.s.t. e.m.\.C.
3720. [050] 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F 00 u.r.r.e. n.t.C.o.
3721. [060] 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 00 n.t.r.o. l.S.e.t.
3722. [070] 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 00 \.s.e.r. v.i.c.e.
3723. [080] 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 00 s.\.N.e. t.l.o.g.
3724. [090] 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D 00 o.n.\.p. a.r.a.m.
3725. [0A0] 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 00 e.t.e.r. s.\.....
3726. [0B0] 00 00 00 00 19 00 02 00 ........
3727. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3728. write_to_pipe: data_left = 184
3729. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3730. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184
3731. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
3732. fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0
3733. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3734. write_to_pipe: data_used = 16
3735. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3736. write_to_pipe: data_left = 168
3737. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3738. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168
3739. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3740. 000000 smb_io_rpc_hdr
3741. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3742. 0000 major : 05
3743. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3744. 0001 minor : 00
3745. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3746. 0002 pkt_type : 00
3747. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3748. 0003 flags : 03
3749. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3750. 0004 pack_type0: 10
3751. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3752. 0005 pack_type1: 00
3753. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3754. 0006 pack_type2: 00
3755. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
3756. 0007 pack_type3: 00
3757. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3758. 0008 frag_len : 00b8
3759. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3760. 000a auth_len : 0000
3761. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3762. 000c call_id : 00000002
3763. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
3764. unmarshall_rpc_header: using little-endian RPC
3765. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
3766. unmarshall_rpc_header: type = 0, flags = 3
3767. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
3768. write_to_pipe: data_used = 0
3769. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
3770. write_to_pipe: data_left = 168
3771. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
3772. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168
3773. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
3774. process_complete_pdu: processing packet type 0
3775. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
3776. 000000 smb_io_rpc_hdr_req req
3777. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
3778. 0000 alloc_hint: 000000a0
3779. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3780. 0004 context_id: 0000
3781. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
3782. 0006 opnum : 000f
3783. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
3784. free_pipe_context: destroying talloc pool of size 0
3785. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
3786. Requested \PIPE\winreg
3787. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
3788. api_rpcTNP: winreg op 0xf - created /tmp/in_winreg_15.18.prs
3789. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
3790. api_rpcTNP: rpc command: WINREG_OPENKEY
3791. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
3792. api_rpc_cmds[15].fn == 0x4e64c0
3793. winreg_OpenKey: struct winreg_OpenKey
3794. in: struct winreg_OpenKey
3795. parent_handle : *
3796. parent_handle: struct policy_handle
3797. handle_type : 0x00000000 (0)
3798. uuid : 00000002-0000-0000-784b-a962bc550000
3799. keyname: struct winreg_String
3800. name_len : 0x006e (110)
3801. name_size : 0x006e (110)
3802. name : *
3803. name : 'System\CurrentControlSet\services\Netlogon\parameters\'
3804. unknown : 0x00000000 (0)
3805. access_mask : 0x00020019 (131097)
3806. 1: KEY_QUERY_VALUE
3807. 0: KEY_SET_VALUE
3808. 0: KEY_CREATE_SUB_KEY
3809. 1: KEY_ENUMERATE_SUB_KEYS
3810. 1: KEY_NOTIFY
3811. 0: KEY_CREATE_LINK
3812. 0: KEY_WOW64_64KEY
3813. 0: KEY_WOW64_32KEY
3814. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
3815. Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
3816. [010] BC 55 00 00 .U..
3817. [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
3818. regkey_open_onelevel: name = [System]
3819. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
3820. regdb_open: incrementing refcount (1)
3821. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
3822. reghook_cache_find: Searching for keyname [/HKLM/System]
3823. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
3824. pathtree_find: Enter [/HKLM/System]
3825. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3826. pathtree_find: [loop] base => [HKLM], new_path => [System]
3827. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3828. pathtree_find_child: child key => [HKLM]
3829. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3830. pathtree_find_child: child key => [HKPT]
3831. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3832. pathtree_find_child: Found [HKLM]
3833. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3834. pathtree_find: [loop] base => [System], new_path => []
3835. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3836. pathtree_find_child: child key => [SOFTWARE]
3837. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3838. pathtree_find_child: child key => [SYSTEM]
3839. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3840. pathtree_find_child: Found [System]
3841. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
3842. pathtree_find: Found data_p!
3843. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
3844. pathtree_find: Exit
3845. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
3846. reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System]
3847. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
3848. regdb_fetch_keys: Enter key => [HKLM\System]
3849. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3850. tdb_unpack(d, 22) -> 4
3851. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3852. tdb_unpack(f, 18) -> 18
3853. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
3854. regdb_fetch_keys: Exit [1] items
3855. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
3856. regdb_get_secdesc: Getting secdesc of key [HKLM\System]
3857. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
3858. se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
3859. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
3860. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
3861. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
3862. se_access_check: also S-1-1-0
3863. se_access_check: also S-1-5-2
3864. se_access_check: also S-1-5-32-546
3865. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
3866. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
3867. se_access_check: access (8) granted.
3868. [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
3869. regkey_open_onelevel: name = [CurrentControlSet]
3870. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
3871. regdb_open: incrementing refcount (2)
3872. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
3873. reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet]
3874. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
3875. pathtree_find: Enter [/HKLM/System/CurrentControlSet]
3876. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3877. pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet]
3878. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3879. pathtree_find_child: child key => [HKLM]
3880. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3881. pathtree_find_child: child key => [HKPT]
3882. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3883. pathtree_find_child: Found [HKLM]
3884. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3885. pathtree_find: [loop] base => [System], new_path => [CurrentControlSet]
3886. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3887. pathtree_find_child: child key => [SOFTWARE]
3888. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3889. pathtree_find_child: child key => [SYSTEM]
3890. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3891. pathtree_find_child: Found [System]
3892. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3893. pathtree_find: [loop] base => [CurrentControlSet], new_path => []
3894. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3895. pathtree_find_child: child key => [CurrentControlSet]
3896. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3897. pathtree_find_child: Found [CurrentControlSet]
3898. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
3899. pathtree_find: Found data_p!
3900. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
3901. pathtree_find: Exit
3902. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
3903. reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet]
3904. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
3905. regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet]
3906. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3907. tdb_unpack(d, 21) -> 4
3908. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3909. tdb_unpack(f, 17) -> 8
3910. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3911. tdb_unpack(f, 9) -> 9
3912. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
3913. regdb_fetch_keys: Exit [2] items
3914. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
3915. regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet]
3916. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
3917. se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
3918. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
3919. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
3920. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
3921. se_access_check: also S-1-1-0
3922. se_access_check: also S-1-5-2
3923. se_access_check: also S-1-5-32-546
3924. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
3925. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
3926. se_access_check: access (8) granted.
3927. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
3928. regdb_close: decrementing refcount (2)
3929. [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
3930. regkey_open_onelevel: name = [services]
3931. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
3932. regdb_open: incrementing refcount (2)
3933. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
3934. reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services]
3935. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
3936. pathtree_find: Enter [/HKLM/System/CurrentControlSet/services]
3937. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3938. pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services]
3939. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3940. pathtree_find_child: child key => [HKLM]
3941. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3942. pathtree_find_child: child key => [HKPT]
3943. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3944. pathtree_find_child: Found [HKLM]
3945. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3946. pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services]
3947. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3948. pathtree_find_child: child key => [SOFTWARE]
3949. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3950. pathtree_find_child: child key => [SYSTEM]
3951. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3952. pathtree_find_child: Found [System]
3953. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3954. pathtree_find: [loop] base => [CurrentControlSet], new_path => [services]
3955. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3956. pathtree_find_child: child key => [CurrentControlSet]
3957. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3958. pathtree_find_child: Found [CurrentControlSet]
3959. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
3960. pathtree_find: [loop] base => [services], new_path => []
3961. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3962. pathtree_find_child: child key => [Control]
3963. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
3964. pathtree_find_child: child key => [Services]
3965. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
3966. pathtree_find_child: Found [services]
3967. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
3968. pathtree_find: Found data_p!
3969. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
3970. pathtree_find: Exit
3971. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
3972. reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet/services]
3973. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
3974. regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services]
3975. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3976. tdb_unpack(d, 69) -> 4
3977. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3978. tdb_unpack(f, 65) -> 13
3979. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3980. tdb_unpack(f, 52) -> 9
3981. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3982. tdb_unpack(f, 43) -> 6
3983. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3984. tdb_unpack(f, 37) -> 9
3985. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3986. tdb_unpack(f, 28) -> 8
3987. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3988. tdb_unpack(f, 20) -> 15
3989. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
3990. tdb_unpack(f, 5) -> 5
3991. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
3992. regdb_fetch_keys: Exit [7] items
3993. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
3994. regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet\services]
3995. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
3996. se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
3997. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
3998. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
3999. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
4000. se_access_check: also S-1-1-0
4001. se_access_check: also S-1-5-2
4002. se_access_check: also S-1-5-32-546
4003. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
4004. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
4005. se_access_check: access (8) granted.
4006. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
4007. regdb_close: decrementing refcount (2)
4008. [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
4009. regkey_open_onelevel: name = [Netlogon]
4010. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
4011. regdb_open: incrementing refcount (2)
4012. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
4013. reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon]
4014. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
4015. pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon]
4016. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4017. pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services/Netlogon]
4018. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4019. pathtree_find_child: child key => [HKLM]
4020. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4021. pathtree_find_child: child key => [HKPT]
4022. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4023. pathtree_find_child: Found [HKLM]
4024. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4025. pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services/Netlogon]
4026. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4027. pathtree_find_child: child key => [SOFTWARE]
4028. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4029. pathtree_find_child: child key => [SYSTEM]
4030. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4031. pathtree_find_child: Found [System]
4032. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4033. pathtree_find: [loop] base => [CurrentControlSet], new_path => [services/Netlogon]
4034. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4035. pathtree_find_child: child key => [CurrentControlSet]
4036. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4037. pathtree_find_child: Found [CurrentControlSet]
4038. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4039. pathtree_find: [loop] base => [services], new_path => [Netlogon]
4040. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4041. pathtree_find_child: child key => [Control]
4042. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4043. pathtree_find_child: child key => [Services]
4044. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4045. pathtree_find_child: Found [services]
4046. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4047. pathtree_find: [loop] base => [Netlogon], new_path => []
4048. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4049. pathtree_find_child: child key => [LanmanServer]
4050. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4051. pathtree_find_child: child key => [Netlogon]
4052. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4053. pathtree_find_child: child key => [Tcpip]
4054. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4055. pathtree_find_child: Found [Netlogon]
4056. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
4057. pathtree_find: Found data_p!
4058. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
4059. pathtree_find: Exit
4060. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
4061. reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet/services/Netlogon]
4062. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
4063. regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon]
4064. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
4065. tdb_unpack(d, 24) -> 4
4066. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
4067. tdb_unpack(f, 20) -> 11
4068. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
4069. tdb_unpack(f, 9) -> 9
4070. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
4071. regdb_fetch_keys: Exit [2] items
4072. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
4073. regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet\services\Netlogon]
4074. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
4075. se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
4076. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
4077. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
4078. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
4079. se_access_check: also S-1-1-0
4080. se_access_check: also S-1-5-2
4081. se_access_check: also S-1-5-32-546
4082. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
4083. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
4084. se_access_check: access (8) granted.
4085. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
4086. regdb_close: decrementing refcount (2)
4087. [2010/02/14 20:52:57, 7] registry/reg_api.c:regkey_open_onelevel(132)
4088. regkey_open_onelevel: name = [parameters]
4089. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
4090. regdb_open: incrementing refcount (2)
4091. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
4092. reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
4093. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
4094. pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
4095. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4096. pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services/Netlogon/parameters]
4097. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4098. pathtree_find_child: child key => [HKLM]
4099. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4100. pathtree_find_child: child key => [HKPT]
4101. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4102. pathtree_find_child: Found [HKLM]
4103. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4104. pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services/Netlogon/parameters]
4105. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4106. pathtree_find_child: child key => [SOFTWARE]
4107. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4108. pathtree_find_child: child key => [SYSTEM]
4109. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4110. pathtree_find_child: Found [System]
4111. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4112. pathtree_find: [loop] base => [CurrentControlSet], new_path => [services/Netlogon/parameters]
4113. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4114. pathtree_find_child: child key => [CurrentControlSet]
4115. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4116. pathtree_find_child: Found [CurrentControlSet]
4117. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4118. pathtree_find: [loop] base => [services], new_path => [Netlogon/parameters]
4119. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4120. pathtree_find_child: child key => [Control]
4121. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4122. pathtree_find_child: child key => [Services]
4123. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4124. pathtree_find_child: Found [services]
4125. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4126. pathtree_find: [loop] base => [Netlogon], new_path => [parameters]
4127. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4128. pathtree_find_child: child key => [LanmanServer]
4129. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4130. pathtree_find_child: child key => [Netlogon]
4131. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4132. pathtree_find_child: child key => [Tcpip]
4133. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4134. pathtree_find_child: Found [Netlogon]
4135. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
4136. pathtree_find: [loop] base => [parameters], new_path => []
4137. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
4138. pathtree_find_child: child key => [Parameters]
4139. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
4140. pathtree_find_child: Found [parameters]
4141. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
4142. pathtree_find: Found data_p!
4143. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
4144. pathtree_find: Exit
4145. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
4146. reghook_cache_find: found ops 0xb8b280 for key [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
4147. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
4148. regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon\parameters]
4149. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
4150. tdb_unpack(d, 4) -> 4
4151. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
4152. regdb_fetch_keys: Exit [0] items
4153. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
4154. se_access_check: requested access 0x00020019, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
4155. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(249)
4156. [2010/02/14 20:52:57, 3] lib/util_seaccess.c:se_access_check(252)
4157. se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
4158. se_access_check: also S-1-1-0
4159. se_access_check: also S-1-5-2
4160. se_access_check: also S-1-5-32-546
4161. se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019
4162. [2010/02/14 20:52:57, 5] lib/util_seaccess.c:se_access_check(310)
4163. se_access_check: access (20019) granted.
4164. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
4165. regdb_close: decrementing refcount (2)
4166. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
4167. Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
4168. [010] BC 55 00 00 .U..
4169. winreg_OpenKey: struct winreg_OpenKey
4170. out: struct winreg_OpenKey
4171. handle : *
4172. handle: struct policy_handle
4173. handle_type : 0x00000000 (0)
4174. uuid : 00000003-0000-0000-784b-a962bc550000
4175. result : WERR_OK
4176. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
4177. created /tmp/out_winreg_15.18.prs
4178. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
4179. api_rpcTNP: called winreg successfully
4180. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4181. free_pipe_context: destroying talloc pool of size 0
4182. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4183. write_to_pipe: data_used = 168
4184. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
4185. read_from_pipe: 7716 name: winreg len: 1024
4186. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
4187. read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
4188. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4189. 000000 smb_io_rpc_hdr hdr
4190. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4191. 0000 major : 05
4192. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4193. 0001 minor : 00
4194. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4195. 0002 pkt_type : 02
4196. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4197. 0003 flags : 03
4198. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4199. 0004 pack_type0: 10
4200. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4201. 0005 pack_type1: 00
4202. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4203. 0006 pack_type2: 00
4204. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4205. 0007 pack_type3: 00
4206. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4207. 0008 frag_len : 0030
4208. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4209. 000a auth_len : 0000
4210. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4211. 000c call_id : 00000002
4212. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4213. 000010 smb_io_rpc_hdr_resp resp
4214. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4215. 0010 alloc_hint: 00000018
4216. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4217. 0014 context_id: 0000
4218. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4219. 0016 cancel_ct : 00
4220. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4221. 0017 reserved : 00
4222. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
4223. copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
4224. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
4225. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
4226. size=104
4227. smb_com=0x25
4228. smb_rcls=0
4229. smb_reh=0
4230. smb_err=0
4231. smb_flg=136
4232. smb_flg2=51201
4233. smb_tid=1
4234. smb_pid=1332
4235. smb_uid=100
4236. smb_mid=896
4237. smt_wct=10
4238. smb_vwv[ 0]= 0 (0x0)
4239. smb_vwv[ 1]= 48 (0x30)
4240. smb_vwv[ 2]= 0 (0x0)
4241. smb_vwv[ 3]= 0 (0x0)
4242. smb_vwv[ 4]= 56 (0x38)
4243. smb_vwv[ 5]= 0 (0x0)
4244. smb_vwv[ 6]= 48 (0x30)
4245. smb_vwv[ 7]= 56 (0x38)
4246. smb_vwv[ 8]= 0 (0x0)
4247. smb_vwv[ 9]= 0 (0x0)
4248. smb_bcc=49
4249. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
4250. [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0......
4251. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........
4252. [020] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 00 00 00 .....xK. b.U.....
4253. [030] 00 .
4254. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
4255. run_events: Nothing to do
4256. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
4257. run_events: Nothing to do
4258. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
4259. got smb length of 232
4260. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
4261. got message type 0x0 of len 0xe8
4262. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
4263. Transaction 15 of length 236 (0 toread)
4264. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
4265. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
4266. size=232
4267. smb_com=0x25
4268. smb_rcls=0
4269. smb_reh=0
4270. smb_err=0
4271. smb_flg=24
4272. smb_flg2=51207
4273. smb_tid=1
4274. smb_pid=1332
4275. smb_uid=100
4276. smb_mid=960
4277. smt_wct=16
4278. smb_vwv[ 0]= 0 (0x0)
4279. smb_vwv[ 1]= 148 (0x94)
4280. smb_vwv[ 2]= 0 (0x0)
4281. smb_vwv[ 3]= 1024 (0x400)
4282. smb_vwv[ 4]= 0 (0x0)
4283. smb_vwv[ 5]= 0 (0x0)
4284. smb_vwv[ 6]= 0 (0x0)
4285. smb_vwv[ 7]= 0 (0x0)
4286. smb_vwv[ 8]= 0 (0x0)
4287. smb_vwv[ 9]= 0 (0x0)
4288. smb_vwv[10]= 84 (0x54)
4289. smb_vwv[11]= 148 (0x94)
4290. smb_vwv[12]= 84 (0x54)
4291. smb_vwv[13]= 2 (0x2)
4292. smb_vwv[14]= 38 (0x26)
4293. smb_vwv[15]=30486 (0x7716)
4294. smb_bcc=165
4295. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
4296. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
4297. [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........
4298. [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........
4299. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 2A 00 2A .....xK. b.U..*.*
4300. [040] 00 00 00 02 00 15 00 00 00 00 00 00 00 15 00 00 ........ ........
4301. [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a
4302. [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h
4303. [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 04 00 02 .a.n.g.e ...S....
4304. [080] 00 94 F5 F8 01 08 00 02 00 04 00 00 00 00 00 00 ........ ........
4305. [090] 00 00 00 00 00 0C 00 02 00 04 00 00 00 10 00 02 ........ ........
4306. [0A0] 00 00 00 00 00 .....
4307. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
4308. switch message SMBtrans (pid 21948) conn 0x10fd8d0
4309. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
4310. change_to_user: Skipping user change - already user
4311. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
4312. trans <\PIPE\> data=148 params=0 setup=2
4313. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
4314. calling named_pipe
4315. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
4316. named pipe command on <> name
4317. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
4318. api_fd_reply
4319. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
4320. search for pipe pnum=7716
4321. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
4322. pipe name winreg pnum=7716 (pipes_open=2)
4323. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
4324. pipe name lsarpc pnum=7715 (pipes_open=2)
4325. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
4326. Got API command 0x26 on pipe "winreg" (pnum 7716)
4327. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
4328. api_fd_reply: p:0x11090b0 max_trans_reply: 1024
4329. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
4330. write_to_pipe: 7716 name: winreg open: Yes len: 148
4331. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
4332. [000] 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 00 ........ ........
4333. [010] 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 00 |....... ........
4334. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 2A 00 2A 00 ....xK.b .U..*.*.
4335. [030] 00 00 02 00 15 00 00 00 00 00 00 00 15 00 00 00 ........ ........
4336. [040] 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 00 R.e.f.u. s.e.P.a.
4337. [050] 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 00 s.s.w.o. r.d.C.h.
4338. [060] 61 00 6E 00 67 00 65 00 00 00 53 00 04 00 02 00 a.n.g.e. ..S.....
4339. [070] 94 F5 F8 01 08 00 02 00 04 00 00 00 00 00 00 00 ........ ........
4340. [080] 00 00 00 00 0C 00 02 00 04 00 00 00 10 00 02 00 ........ ........
4341. [090] 00 00 00 00 ....
4342. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4343. write_to_pipe: data_left = 148
4344. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4345. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148
4346. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
4347. fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0
4348. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4349. write_to_pipe: data_used = 16
4350. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4351. write_to_pipe: data_left = 132
4352. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4353. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132
4354. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4355. 000000 smb_io_rpc_hdr
4356. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4357. 0000 major : 05
4358. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4359. 0001 minor : 00
4360. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4361. 0002 pkt_type : 00
4362. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4363. 0003 flags : 03
4364. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4365. 0004 pack_type0: 10
4366. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4367. 0005 pack_type1: 00
4368. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4369. 0006 pack_type2: 00
4370. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4371. 0007 pack_type3: 00
4372. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4373. 0008 frag_len : 0094
4374. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4375. 000a auth_len : 0000
4376. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4377. 000c call_id : 00000003
4378. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
4379. unmarshall_rpc_header: using little-endian RPC
4380. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
4381. unmarshall_rpc_header: type = 0, flags = 3
4382. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4383. write_to_pipe: data_used = 0
4384. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4385. write_to_pipe: data_left = 132
4386. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4387. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132
4388. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
4389. process_complete_pdu: processing packet type 0
4390. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4391. 000000 smb_io_rpc_hdr_req req
4392. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4393. 0000 alloc_hint: 0000007c
4394. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4395. 0004 context_id: 0000
4396. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4397. 0006 opnum : 0011
4398. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4399. free_pipe_context: destroying talloc pool of size 0
4400. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
4401. Requested \PIPE\winreg
4402. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
4403. api_rpcTNP: winreg op 0x11 - created /tmp/in_winreg_17.18.prs
4404. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
4405. api_rpcTNP: rpc command: WINREG_QUERYVALUE
4406. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
4407. api_rpc_cmds[17].fn == 0x4e5ec8
4408. winreg_QueryValue: struct winreg_QueryValue
4409. in: struct winreg_QueryValue
4410. handle : *
4411. handle: struct policy_handle
4412. handle_type : 0x00000000 (0)
4413. uuid : 00000003-0000-0000-784b-a962bc550000
4414. value_name : *
4415. value_name: struct winreg_String
4416. name_len : 0x002a (42)
4417. name_size : 0x002a (42)
4418. name : *
4419. name : 'RefusePasswordChange'
4420. type : *
4421. type : UNKNOWN_ENUM_VALUE (33093012)
4422. data : *
4423. data: ARRAY(0)
4424. data_size : *
4425. data_size : 0x00000004 (4)
4426. value_length : *
4427. value_length : 0x00000000 (0)
4428. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
4429. Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
4430. [010] BC 55 00 00 .U..
4431. [2010/02/14 20:52:57, 7] rpc_server/srv_winreg_nt.c:_winreg_QueryValue(239)
4432. _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters]
4433. [2010/02/14 20:52:57, 7] rpc_server/srv_winreg_nt.c:_winreg_QueryValue(240)
4434. _reg_info: policy key type = [00000000]
4435. [2010/02/14 20:52:57, 10] registry/reg_dispatcher.c:fetch_reg_values(131)
4436. fetch_reg_values called for key 'HKLM\System\CurrentControlSet\services\Netlogon\parameters' (ops 0xb8b280)
4437. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
4438. push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
4439. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
4440. push_conn_ctx(100) : conn_ctx_stack_ndx = 0
4441. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
4442. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
4443. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
4444. NT user token: (NULL)
4445. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
4446. UNIX token of user 0
4447. Primary group is 0 and contains 0 supplementary groups
4448. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
4449. Cache entry with key = ACCT_POL/refuse machine password change couldn't be found
4450. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
4451. ldapsam_get_account_policy_from_ldap
4452. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
4453. smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
4454. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
4455. smbldap_open: already connected to the LDAP server
4456. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
4457. ldapsam_get_account_policy: failed to retrieve from ldap
4458. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
4459. ldapsam_set_account_policy_in_ldap
4460. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_modify(1402)
4461. smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
4462. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
4463. smbldap_open: already connected to the LDAP server
4464. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
4465. cache_account_policy_set: updating account pol cache
4466. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
4467. Adding cache entry with key = ACCT_POL/refuse machine password change; value = 0
4468. and timeout = Sun Feb 14 20:53:57 2010
4469. (60 seconds ahead)
4470. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
4471. cache_account_policy_set: updating account pol cache
4472. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
4473. Adding cache entry with key = ACCT_POL/refuse machine password change; value = 0
4474. and timeout = Sun Feb 14 20:53:57 2010
4475. (60 seconds ahead)
4476. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
4477. pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
4478. winreg_QueryValue: struct winreg_QueryValue
4479. out: struct winreg_QueryValue
4480. type : *
4481. type : REG_DWORD (4)
4482. data : *
4483. data: ARRAY(4)
4484. [0] : 0x00 (0)
4485. [1] : 0x00 (0)
4486. [2] : 0x00 (0)
4487. [3] : 0x00 (0)
4488. data_size : *
4489. data_size : 0x00000004 (4)
4490. value_length : *
4491. value_length : 0x00000004 (4)
4492. result : WERR_OK
4493. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
4494. created /tmp/out_winreg_17.18.prs
4495. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
4496. api_rpcTNP: called winreg successfully
4497. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4498. free_pipe_context: destroying talloc pool of size 36
4499. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4500. write_to_pipe: data_used = 132
4501. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
4502. read_from_pipe: 7716 name: winreg len: 1024
4503. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
4504. read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48.
4505. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4506. 000000 smb_io_rpc_hdr hdr
4507. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4508. 0000 major : 05
4509. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4510. 0001 minor : 00
4511. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4512. 0002 pkt_type : 02
4513. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4514. 0003 flags : 03
4515. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4516. 0004 pack_type0: 10
4517. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4518. 0005 pack_type1: 00
4519. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4520. 0006 pack_type2: 00
4521. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4522. 0007 pack_type3: 00
4523. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4524. 0008 frag_len : 0048
4525. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4526. 000a auth_len : 0000
4527. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4528. 000c call_id : 00000003
4529. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4530. 000010 smb_io_rpc_hdr_resp resp
4531. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4532. 0010 alloc_hint: 00000030
4533. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4534. 0014 context_id: 0000
4535. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4536. 0016 cancel_ct : 00
4537. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4538. 0017 reserved : 00
4539. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
4540. copy_trans_params_and_data: params[0..0] data[0..72] (align 0)
4541. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
4542. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
4543. size=128
4544. smb_com=0x25
4545. smb_rcls=0
4546. smb_reh=0
4547. smb_err=0
4548. smb_flg=136
4549. smb_flg2=51201
4550. smb_tid=1
4551. smb_pid=1332
4552. smb_uid=100
4553. smb_mid=960
4554. smt_wct=10
4555. smb_vwv[ 0]= 0 (0x0)
4556. smb_vwv[ 1]= 72 (0x48)
4557. smb_vwv[ 2]= 0 (0x0)
4558. smb_vwv[ 3]= 0 (0x0)
4559. smb_vwv[ 4]= 56 (0x38)
4560. smb_vwv[ 5]= 0 (0x0)
4561. smb_vwv[ 6]= 72 (0x48)
4562. smb_vwv[ 7]= 56 (0x38)
4563. smb_vwv[ 8]= 0 (0x0)
4564. smb_vwv[ 9]= 0 (0x0)
4565. smb_bcc=73
4566. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
4567. [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H......
4568. [010] 00 30 00 00 00 00 00 00 00 00 00 02 00 04 00 00 .0...... ........
4569. [020] 00 04 00 02 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........
4570. [030] 00 00 00 00 00 08 00 02 00 04 00 00 00 0C 00 02 ........ ........
4571. [040] 00 04 00 00 00 00 00 00 00 ........ .
4572. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
4573. run_events: Nothing to do
4574. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
4575. run_events: Nothing to do
4576. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
4577. got smb length of 128
4578. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
4579. got message type 0x0 of len 0x80
4580. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
4581. Transaction 16 of length 132 (0 toread)
4582. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
4583. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
4584. size=128
4585. smb_com=0x25
4586. smb_rcls=0
4587. smb_reh=0
4588. smb_err=0
4589. smb_flg=24
4590. smb_flg2=51207
4591. smb_tid=1
4592. smb_pid=1332
4593. smb_uid=100
4594. smb_mid=1024
4595. smt_wct=16
4596. smb_vwv[ 0]= 0 (0x0)
4597. smb_vwv[ 1]= 44 (0x2C)
4598. smb_vwv[ 2]= 0 (0x0)
4599. smb_vwv[ 3]= 1024 (0x400)
4600. smb_vwv[ 4]= 0 (0x0)
4601. smb_vwv[ 5]= 0 (0x0)
4602. smb_vwv[ 6]= 0 (0x0)
4603. smb_vwv[ 7]= 0 (0x0)
4604. smb_vwv[ 8]= 0 (0x0)
4605. smb_vwv[ 9]= 0 (0x0)
4606. smb_vwv[10]= 84 (0x54)
4607. smb_vwv[11]= 44 (0x2C)
4608. smb_vwv[12]= 84 (0x54)
4609. smb_vwv[13]= 2 (0x2)
4610. smb_vwv[14]= 38 (0x26)
4611. smb_vwv[15]=30486 (0x7716)
4612. smb_bcc=61
4613. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
4614. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
4615. [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,......
4616. [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........
4617. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 .....xK. b.U..
4618. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
4619. switch message SMBtrans (pid 21948) conn 0x10fd8d0
4620. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
4621. change_to_user: Skipping user change - already user
4622. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
4623. trans <\PIPE\> data=44 params=0 setup=2
4624. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
4625. calling named_pipe
4626. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
4627. named pipe command on <> name
4628. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
4629. api_fd_reply
4630. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
4631. search for pipe pnum=7716
4632. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
4633. pipe name winreg pnum=7716 (pipes_open=2)
4634. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
4635. pipe name lsarpc pnum=7715 (pipes_open=2)
4636. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
4637. Got API command 0x26 on pipe "winreg" (pnum 7716)
4638. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
4639. api_fd_reply: p:0x11090b0 max_trans_reply: 1024
4640. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
4641. write_to_pipe: 7716 name: winreg open: Yes len: 44
4642. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
4643. [000] 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 ........ ,.......
4644. [010] 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 00 ........ ........
4645. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 ....xK.b .U..
4646. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4647. write_to_pipe: data_left = 44
4648. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4649. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
4650. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
4651. fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
4652. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4653. write_to_pipe: data_used = 16
4654. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4655. write_to_pipe: data_left = 28
4656. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4657. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
4658. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4659. 000000 smb_io_rpc_hdr
4660. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4661. 0000 major : 05
4662. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4663. 0001 minor : 00
4664. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4665. 0002 pkt_type : 00
4666. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4667. 0003 flags : 03
4668. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4669. 0004 pack_type0: 10
4670. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4671. 0005 pack_type1: 00
4672. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4673. 0006 pack_type2: 00
4674. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4675. 0007 pack_type3: 00
4676. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4677. 0008 frag_len : 002c
4678. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4679. 000a auth_len : 0000
4680. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4681. 000c call_id : 00000004
4682. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
4683. unmarshall_rpc_header: using little-endian RPC
4684. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
4685. unmarshall_rpc_header: type = 0, flags = 3
4686. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4687. write_to_pipe: data_used = 0
4688. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4689. write_to_pipe: data_left = 28
4690. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4691. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
4692. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
4693. process_complete_pdu: processing packet type 0
4694. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4695. 000000 smb_io_rpc_hdr_req req
4696. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4697. 0000 alloc_hint: 00000014
4698. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4699. 0004 context_id: 0000
4700. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4701. 0006 opnum : 0005
4702. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4703. free_pipe_context: destroying talloc pool of size 0
4704. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
4705. Requested \PIPE\winreg
4706. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
4707. api_rpcTNP: winreg op 0x5 - created /tmp/in_winreg_5.35.prs
4708. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
4709. api_rpcTNP: rpc command: WINREG_CLOSEKEY
4710. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
4711. api_rpc_cmds[5].fn == 0x4e7a78
4712. winreg_CloseKey: struct winreg_CloseKey
4713. in: struct winreg_CloseKey
4714. handle : *
4715. handle: struct policy_handle
4716. handle_type : 0x00000000 (0)
4717. uuid : 00000003-0000-0000-784b-a962bc550000
4718. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
4719. Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
4720. [010] BC 55 00 00 .U..
4721. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
4722. Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
4723. [010] BC 55 00 00 .U..
4724. [2010/02/14 20:52:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
4725. Closed policy
4726. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
4727. regdb_close: decrementing refcount (1)
4728. winreg_CloseKey: struct winreg_CloseKey
4729. out: struct winreg_CloseKey
4730. handle : *
4731. handle: struct policy_handle
4732. handle_type : 0x00000000 (0)
4733. uuid : 00000000-0000-0000-0000-000000000000
4734. result : WERR_OK
4735. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
4736. created /tmp/out_winreg_5.35.prs
4737. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
4738. api_rpcTNP: called winreg successfully
4739. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4740. free_pipe_context: destroying talloc pool of size 0
4741. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4742. write_to_pipe: data_used = 28
4743. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
4744. read_from_pipe: 7716 name: winreg len: 1024
4745. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
4746. read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
4747. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4748. 000000 smb_io_rpc_hdr hdr
4749. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4750. 0000 major : 05
4751. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4752. 0001 minor : 00
4753. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4754. 0002 pkt_type : 02
4755. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4756. 0003 flags : 03
4757. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4758. 0004 pack_type0: 10
4759. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4760. 0005 pack_type1: 00
4761. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4762. 0006 pack_type2: 00
4763. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4764. 0007 pack_type3: 00
4765. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4766. 0008 frag_len : 0030
4767. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4768. 000a auth_len : 0000
4769. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4770. 000c call_id : 00000004
4771. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4772. 000010 smb_io_rpc_hdr_resp resp
4773. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4774. 0010 alloc_hint: 00000018
4775. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4776. 0014 context_id: 0000
4777. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4778. 0016 cancel_ct : 00
4779. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4780. 0017 reserved : 00
4781. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
4782. copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
4783. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
4784. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
4785. size=104
4786. smb_com=0x25
4787. smb_rcls=0
4788. smb_reh=0
4789. smb_err=0
4790. smb_flg=136
4791. smb_flg2=51201
4792. smb_tid=1
4793. smb_pid=1332
4794. smb_uid=100
4795. smb_mid=1024
4796. smt_wct=10
4797. smb_vwv[ 0]= 0 (0x0)
4798. smb_vwv[ 1]= 48 (0x30)
4799. smb_vwv[ 2]= 0 (0x0)
4800. smb_vwv[ 3]= 0 (0x0)
4801. smb_vwv[ 4]= 56 (0x38)
4802. smb_vwv[ 5]= 0 (0x0)
4803. smb_vwv[ 6]= 48 (0x30)
4804. smb_vwv[ 7]= 56 (0x38)
4805. smb_vwv[ 8]= 0 (0x0)
4806. smb_vwv[ 9]= 0 (0x0)
4807. smb_bcc=49
4808. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
4809. [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
4810. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
4811. [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
4812. [030] 00 .
4813. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
4814. run_events: Nothing to do
4815. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
4816. run_events: Nothing to do
4817. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
4818. got smb length of 128
4819. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
4820. got message type 0x0 of len 0x80
4821. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
4822. Transaction 17 of length 132 (0 toread)
4823. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
4824. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
4825. size=128
4826. smb_com=0x25
4827. smb_rcls=0
4828. smb_reh=0
4829. smb_err=0
4830. smb_flg=24
4831. smb_flg2=51207
4832. smb_tid=1
4833. smb_pid=1332
4834. smb_uid=100
4835. smb_mid=1088
4836. smt_wct=16
4837. smb_vwv[ 0]= 0 (0x0)
4838. smb_vwv[ 1]= 44 (0x2C)
4839. smb_vwv[ 2]= 0 (0x0)
4840. smb_vwv[ 3]= 1024 (0x400)
4841. smb_vwv[ 4]= 0 (0x0)
4842. smb_vwv[ 5]= 0 (0x0)
4843. smb_vwv[ 6]= 0 (0x0)
4844. smb_vwv[ 7]= 0 (0x0)
4845. smb_vwv[ 8]= 0 (0x0)
4846. smb_vwv[ 9]= 0 (0x0)
4847. smb_vwv[10]= 84 (0x54)
4848. smb_vwv[11]= 44 (0x2C)
4849. smb_vwv[12]= 84 (0x54)
4850. smb_vwv[13]= 2 (0x2)
4851. smb_vwv[14]= 38 (0x26)
4852. smb_vwv[15]=30486 (0x7716)
4853. smb_bcc=61
4854. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
4855. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
4856. [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,......
4857. [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........
4858. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 .....xK. b.U..
4859. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
4860. switch message SMBtrans (pid 21948) conn 0x10fd8d0
4861. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
4862. change_to_user: Skipping user change - already user
4863. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
4864. trans <\PIPE\> data=44 params=0 setup=2
4865. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
4866. calling named_pipe
4867. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
4868. named pipe command on <> name
4869. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
4870. api_fd_reply
4871. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
4872. search for pipe pnum=7716
4873. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
4874. pipe name winreg pnum=7716 (pipes_open=2)
4875. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
4876. pipe name lsarpc pnum=7715 (pipes_open=2)
4877. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
4878. Got API command 0x26 on pipe "winreg" (pnum 7716)
4879. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
4880. api_fd_reply: p:0x11090b0 max_trans_reply: 1024
4881. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
4882. write_to_pipe: 7716 name: winreg open: Yes len: 44
4883. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
4884. [000] 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 00 ........ ,.......
4885. [010] 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 00 ........ ........
4886. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 ....xK.b .U..
4887. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4888. write_to_pipe: data_left = 44
4889. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4890. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
4891. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
4892. fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
4893. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4894. write_to_pipe: data_used = 16
4895. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4896. write_to_pipe: data_left = 28
4897. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4898. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
4899. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4900. 000000 smb_io_rpc_hdr
4901. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4902. 0000 major : 05
4903. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4904. 0001 minor : 00
4905. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4906. 0002 pkt_type : 00
4907. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4908. 0003 flags : 03
4909. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4910. 0004 pack_type0: 10
4911. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4912. 0005 pack_type1: 00
4913. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4914. 0006 pack_type2: 00
4915. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4916. 0007 pack_type3: 00
4917. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4918. 0008 frag_len : 002c
4919. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4920. 000a auth_len : 0000
4921. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4922. 000c call_id : 00000005
4923. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
4924. unmarshall_rpc_header: using little-endian RPC
4925. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
4926. unmarshall_rpc_header: type = 0, flags = 3
4927. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4928. write_to_pipe: data_used = 0
4929. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
4930. write_to_pipe: data_left = 28
4931. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
4932. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
4933. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
4934. process_complete_pdu: processing packet type 0
4935. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4936. 000000 smb_io_rpc_hdr_req req
4937. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
4938. 0000 alloc_hint: 00000014
4939. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4940. 0004 context_id: 0000
4941. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
4942. 0006 opnum : 0005
4943. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4944. free_pipe_context: destroying talloc pool of size 0
4945. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
4946. Requested \PIPE\winreg
4947. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
4948. api_rpcTNP: winreg op 0x5 - created /tmp/in_winreg_5.36.prs
4949. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
4950. api_rpcTNP: rpc command: WINREG_CLOSEKEY
4951. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
4952. api_rpc_cmds[5].fn == 0x4e7a78
4953. winreg_CloseKey: struct winreg_CloseKey
4954. in: struct winreg_CloseKey
4955. handle : *
4956. handle: struct policy_handle
4957. handle_type : 0x00000000 (0)
4958. uuid : 00000002-0000-0000-784b-a962bc550000
4959. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
4960. Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
4961. [010] BC 55 00 00 .U..
4962. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
4963. Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
4964. [010] BC 55 00 00 .U..
4965. [2010/02/14 20:52:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
4966. Closed policy
4967. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
4968. regdb_close: decrementing refcount (0)
4969. winreg_CloseKey: struct winreg_CloseKey
4970. out: struct winreg_CloseKey
4971. handle : *
4972. handle: struct policy_handle
4973. handle_type : 0x00000000 (0)
4974. uuid : 00000000-0000-0000-0000-000000000000
4975. result : WERR_OK
4976. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
4977. created /tmp/out_winreg_5.36.prs
4978. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
4979. api_rpcTNP: called winreg successfully
4980. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
4981. free_pipe_context: destroying talloc pool of size 0
4982. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
4983. write_to_pipe: data_used = 28
4984. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
4985. read_from_pipe: 7716 name: winreg len: 1024
4986. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
4987. read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
4988. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
4989. 000000 smb_io_rpc_hdr hdr
4990. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4991. 0000 major : 05
4992. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4993. 0001 minor : 00
4994. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4995. 0002 pkt_type : 02
4996. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4997. 0003 flags : 03
4998. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
4999. 0004 pack_type0: 10
5000. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5001. 0005 pack_type1: 00
5002. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5003. 0006 pack_type2: 00
5004. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5005. 0007 pack_type3: 00
5006. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5007. 0008 frag_len : 0030
5008. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5009. 000a auth_len : 0000
5010. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5011. 000c call_id : 00000005
5012. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5013. 000010 smb_io_rpc_hdr_resp resp
5014. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5015. 0010 alloc_hint: 00000018
5016. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5017. 0014 context_id: 0000
5018. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5019. 0016 cancel_ct : 00
5020. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5021. 0017 reserved : 00
5022. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
5023. copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
5024. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5025. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5026. size=104
5027. smb_com=0x25
5028. smb_rcls=0
5029. smb_reh=0
5030. smb_err=0
5031. smb_flg=136
5032. smb_flg2=51201
5033. smb_tid=1
5034. smb_pid=1332
5035. smb_uid=100
5036. smb_mid=1088
5037. smt_wct=10
5038. smb_vwv[ 0]= 0 (0x0)
5039. smb_vwv[ 1]= 48 (0x30)
5040. smb_vwv[ 2]= 0 (0x0)
5041. smb_vwv[ 3]= 0 (0x0)
5042. smb_vwv[ 4]= 56 (0x38)
5043. smb_vwv[ 5]= 0 (0x0)
5044. smb_vwv[ 6]= 48 (0x30)
5045. smb_vwv[ 7]= 56 (0x38)
5046. smb_vwv[ 8]= 0 (0x0)
5047. smb_vwv[ 9]= 0 (0x0)
5048. smb_bcc=49
5049. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5050. [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0......
5051. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
5052. [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
5053. [030] 00 .
5054. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5055. run_events: Nothing to do
5056. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5057. run_events: Nothing to do
5058. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5059. got smb length of 41
5060. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5061. got message type 0x0 of len 0x29
5062. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5063. Transaction 18 of length 45 (0 toread)
5064. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5065. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5066. size=41
5067. smb_com=0x4
5068. smb_rcls=0
5069. smb_reh=0
5070. smb_err=0
5071. smb_flg=24
5072. smb_flg2=51207
5073. smb_tid=1
5074. smb_pid=65279
5075. smb_uid=100
5076. smb_mid=1152
5077. smt_wct=3
5078. smb_vwv[ 0]=30486 (0x7716)
5079. smb_vwv[ 1]=65535 (0xFFFF)
5080. smb_vwv[ 2]=65535 (0xFFFF)
5081. smb_bcc=0
5082. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5083. switch message SMBclose (pid 21948) conn 0x10fd8d0
5084. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
5085. created /tmp/SMBclose.68.req len 45
5086. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5087. change_to_user: Skipping user change - already user
5088. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
5089. search for pipe pnum=7716
5090. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5091. pipe name winreg pnum=7716 (pipes_open=2)
5092. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5093. pipe name lsarpc pnum=7715 (pipes_open=2)
5094. [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
5095. reply_pipe_close: pnum:7716
5096. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
5097. close_policy_by_pipe: deleted handle list for pipe winreg
5098. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
5099. closed pipe name winreg pnum=7716 (pipes_open=1)
5100. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
5101. Locking key 77696E7265672F32313934382F333034383600
5102. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
5103. Allocated locked data 0x0x10fed00
5104. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
5105. Unlocking key 77696E7265672F32313934382F333034383600
5106. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5107. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5108. size=35
5109. smb_com=0x4
5110. smb_rcls=0
5111. smb_reh=0
5112. smb_err=0
5113. smb_flg=136
5114. smb_flg2=51201
5115. smb_tid=1
5116. smb_pid=65279
5117. smb_uid=100
5118. smb_mid=1152
5119. smt_wct=0
5120. smb_bcc=0
5121. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5122. run_events: Nothing to do
5123. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5124. run_events: Nothing to do
5125. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5126. got smb length of 104
5127. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5128. got message type 0x0 of len 0x68
5129. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5130. Transaction 19 of length 108 (0 toread)
5131. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5132. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5133. size=104
5134. smb_com=0xa2
5135. smb_rcls=0
5136. smb_reh=0
5137. smb_err=0
5138. smb_flg=24
5139. smb_flg2=51207
5140. smb_tid=1
5141. smb_pid=1332
5142. smb_uid=100
5143. smb_mid=1216
5144. smt_wct=24
5145. smb_vwv[ 0]= 255 (0xFF)
5146. smb_vwv[ 1]=57054 (0xDEDE)
5147. smb_vwv[ 2]= 4608 (0x1200)
5148. smb_vwv[ 3]= 5632 (0x1600)
5149. smb_vwv[ 4]= 0 (0x0)
5150. smb_vwv[ 5]= 0 (0x0)
5151. smb_vwv[ 6]= 0 (0x0)
5152. smb_vwv[ 7]=40704 (0x9F00)
5153. smb_vwv[ 8]= 513 (0x201)
5154. smb_vwv[ 9]= 0 (0x0)
5155. smb_vwv[10]= 0 (0x0)
5156. smb_vwv[11]= 0 (0x0)
5157. smb_vwv[12]= 0 (0x0)
5158. smb_vwv[13]= 0 (0x0)
5159. smb_vwv[14]= 0 (0x0)
5160. smb_vwv[15]= 768 (0x300)
5161. smb_vwv[16]= 0 (0x0)
5162. smb_vwv[17]= 256 (0x100)
5163. smb_vwv[18]= 0 (0x0)
5164. smb_vwv[19]=16384 (0x4000)
5165. smb_vwv[20]=16384 (0x4000)
5166. smb_vwv[21]= 512 (0x200)
5167. smb_vwv[22]= 0 (0x0)
5168. smb_vwv[23]= 256 (0x100)
5169. smb_bcc=21
5170. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5171. [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O
5172. [010] 00 4E 00 00 00 .N...
5173. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5174. switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
5175. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
5176. created /tmp/SMBntcreateX.70.req len 108
5177. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5178. change_to_user: Skipping user change - already user
5179. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
5180. reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON
5181. [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
5182. nt_open_pipe: Opening pipe \NETLOGON.
5183. [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
5184. nt_open_pipe: Known pipe NETLOGON opening.
5185. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
5186. Open pipe requested NETLOGON (pipes_open=1)
5187. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
5188. open_rpc_pipe_p: name lsarpc pnum=7715
5189. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
5190. Create pipe requested NETLOGON
5191. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
5192. init_pipe_handles: created handle list for pipe NETLOGON
5193. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
5194. init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON
5195. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
5196. Created internal pipe NETLOGON (pipes_open=1)
5197. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
5198. Opened pipe NETLOGON with handle 7717 (pipes_open=2)
5199. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
5200. open pipes: name NETLOGON pnum=7717
5201. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
5202. open pipes: name lsarpc pnum=7715
5203. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
5204. Locking key 4E45544C4F474F4E2F32313934382F333034383700
5205. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
5206. Allocated locked data 0x0x111f1b0
5207. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
5208. Unlocking key 4E45544C4F474F4E2F32313934382F333034383700
5209. [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
5210. do_ntcreate_pipe_open: open pipe = \NETLOGON
5211. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5212. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5213. size=135
5214. smb_com=0xa2
5215. smb_rcls=0
5216. smb_reh=0
5217. smb_err=0
5218. smb_flg=136
5219. smb_flg2=51201
5220. smb_tid=1
5221. smb_pid=1332
5222. smb_uid=100
5223. smb_mid=1216
5224. smt_wct=42
5225. smb_vwv[ 0]= 255 (0xFF)
5226. smb_vwv[ 1]= 0 (0x0)
5227. smb_vwv[ 2]= 5888 (0x1700)
5228. smb_vwv[ 3]= 375 (0x177)
5229. smb_vwv[ 4]= 0 (0x0)
5230. smb_vwv[ 5]= 0 (0x0)
5231. smb_vwv[ 6]= 0 (0x0)
5232. smb_vwv[ 7]= 0 (0x0)
5233. smb_vwv[ 8]= 0 (0x0)
5234. smb_vwv[ 9]= 0 (0x0)
5235. smb_vwv[10]= 0 (0x0)
5236. smb_vwv[11]= 0 (0x0)
5237. smb_vwv[12]= 0 (0x0)
5238. smb_vwv[13]= 0 (0x0)
5239. smb_vwv[14]= 0 (0x0)
5240. smb_vwv[15]= 0 (0x0)
5241. smb_vwv[16]= 0 (0x0)
5242. smb_vwv[17]= 0 (0x0)
5243. smb_vwv[18]= 0 (0x0)
5244. smb_vwv[19]= 0 (0x0)
5245. smb_vwv[20]= 0 (0x0)
5246. smb_vwv[21]=32768 (0x8000)
5247. smb_vwv[22]= 0 (0x0)
5248. smb_vwv[23]= 0 (0x0)
5249. smb_vwv[24]= 0 (0x0)
5250. smb_vwv[25]= 0 (0x0)
5251. smb_vwv[26]= 0 (0x0)
5252. smb_vwv[27]= 0 (0x0)
5253. smb_vwv[28]= 0 (0x0)
5254. smb_vwv[29]= 0 (0x0)
5255. smb_vwv[30]= 0 (0x0)
5256. smb_vwv[31]= 512 (0x200)
5257. smb_vwv[32]=65280 (0xFF00)
5258. smb_vwv[33]= 5 (0x5)
5259. smb_vwv[34]= 0 (0x0)
5260. smb_vwv[35]= 0 (0x0)
5261. smb_vwv[36]= 0 (0x0)
5262. smb_vwv[37]= 0 (0x0)
5263. smb_vwv[38]= 0 (0x0)
5264. smb_vwv[39]= 0 (0x0)
5265. smb_vwv[40]= 0 (0x0)
5266. smb_vwv[41]= 0 (0x0)
5267. smb_bcc=0
5268. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5269. run_events: Nothing to do
5270. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5271. run_events: Nothing to do
5272. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5273. got smb length of 136
5274. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5275. got message type 0x0 of len 0x88
5276. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5277. Transaction 20 of length 140 (0 toread)
5278. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5279. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5280. size=136
5281. smb_com=0x2f
5282. smb_rcls=0
5283. smb_reh=0
5284. smb_err=0
5285. smb_flg=24
5286. smb_flg2=51207
5287. smb_tid=1
5288. smb_pid=65279
5289. smb_uid=100
5290. smb_mid=1280
5291. smt_wct=14
5292. smb_vwv[ 0]= 255 (0xFF)
5293. smb_vwv[ 1]=57054 (0xDEDE)
5294. smb_vwv[ 2]=30487 (0x7717)
5295. smb_vwv[ 3]= 0 (0x0)
5296. smb_vwv[ 4]= 0 (0x0)
5297. smb_vwv[ 5]=65535 (0xFFFF)
5298. smb_vwv[ 6]=65535 (0xFFFF)
5299. smb_vwv[ 7]= 8 (0x8)
5300. smb_vwv[ 8]= 72 (0x48)
5301. smb_vwv[ 9]= 0 (0x0)
5302. smb_vwv[10]= 72 (0x48)
5303. smb_vwv[11]= 64 (0x40)
5304. smb_vwv[12]= 0 (0x0)
5305. smb_vwv[13]= 0 (0x0)
5306. smb_bcc=73
5307. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5308. [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
5309. [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
5310. [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg.
5311. [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
5312. [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
5313. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5314. switch message SMBwriteX (pid 21948) conn 0x10fd8d0
5315. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
5316. created /tmp/SMBwriteX.70.req len 140
5317. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5318. change_to_user: Skipping user change - already user
5319. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
5320. search for pipe pnum=7717
5321. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5322. pipe name NETLOGON pnum=7717 (pipes_open=2)
5323. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5324. pipe name lsarpc pnum=7715 (pipes_open=2)
5325. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
5326. write_to_pipe: 7717 name: NETLOGON open: Yes len: 72
5327. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
5328. [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
5329. [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
5330. [020] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg..
5331. [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
5332. [040] 2B 10 48 60 02 00 00 00 +.H`....
5333. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
5334. write_to_pipe: data_left = 72
5335. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
5336. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
5337. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
5338. fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
5339. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
5340. write_to_pipe: data_used = 16
5341. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
5342. write_to_pipe: data_left = 56
5343. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
5344. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
5345. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5346. 000000 smb_io_rpc_hdr
5347. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5348. 0000 major : 05
5349. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5350. 0001 minor : 00
5351. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5352. 0002 pkt_type : 0b
5353. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5354. 0003 flags : 03
5355. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5356. 0004 pack_type0: 10
5357. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5358. 0005 pack_type1: 00
5359. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5360. 0006 pack_type2: 00
5361. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5362. 0007 pack_type3: 00
5363. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5364. 0008 frag_len : 0048
5365. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5366. 000a auth_len : 0000
5367. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5368. 000c call_id : 00000001
5369. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
5370. unmarshall_rpc_header: using little-endian RPC
5371. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
5372. unmarshall_rpc_header: type = 11, flags = 3
5373. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
5374. write_to_pipe: data_used = 0
5375. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
5376. write_to_pipe: data_left = 56
5377. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
5378. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
5379. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
5380. process_complete_pdu: processing packet type 11
5381. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
5382. api_pipe_bind_req: decode request. 1553
5383. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
5384. api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
5385. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5386. 000000 smb_io_rpc_hdr_rb
5387. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5388. 000000 smb_io_rpc_hdr_bba
5389. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5390. 0000 max_tsize: 10b8
5391. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5392. 0002 max_rsize: 10b8
5393. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5394. 0004 assoc_gid: 00000000
5395. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5396. 0008 num_contexts: 01
5397. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5398. 000c context_id : 0000
5399. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5400. 000e num_transfer_syntaxes: 01
5401. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5402. 00000f smb_io_rpc_iface
5403. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
5404. 000010 smb_io_uuid uuid
5405. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5406. 0010 data : 12345678
5407. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5408. 0014 data : 1234
5409. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5410. 0016 data : abcd
5411. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5412. 0018 data : ef 00
5413. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5414. 001a data : 01 23 45 67 cf fb
5415. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5416. 0020 version: 00000001
5417. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5418. 000024 smb_io_rpc_iface
5419. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
5420. 000024 smb_io_uuid uuid
5421. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5422. 0024 data : 8a885d04
5423. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5424. 0028 data : 1ceb
5425. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5426. 002a data : 11c9
5427. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5428. 002c data : 9f e8
5429. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5430. 002e data : 08 00 2b 10 48 60
5431. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5432. 0034 version: 00000002
5433. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
5434. api_pipe_bind_req: make response. 1608
5435. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
5436. check_bind_req for \PIPE\NETLOGON
5437. checking \PIPE\lsarpc
5438. checking \PIPE\lsarpc
5439. checking \PIPE\samr
5440. checking \PIPE\NETLOGON
5441. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5442. 000000 smb_io_rpc_hdr_ba
5443. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5444. 000000 smb_io_rpc_hdr_bba
5445. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5446. 0000 max_tsize: 10b8
5447. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5448. 0002 max_rsize: 10b8
5449. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5450. 0004 assoc_gid: 000053f0
5451. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5452. 000008 smb_io_rpc_addr_str
5453. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5454. 0008 len: 000f
5455. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5456. 000a str: \PIPE\netlogon.
5457. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5458. 000019 smb_io_rpc_results
5459. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5460. 001c num_results: 01
5461. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5462. 0020 result : 0000
5463. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5464. 0022 reason : 0000
5465. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
5466. 000024 smb_io_rpc_iface
5467. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
5468. 000024 smb_io_uuid uuid
5469. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5470. 0024 data : 8a885d04
5471. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5472. 0028 data : 1ceb
5473. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5474. 002a data : 11c9
5475. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5476. 002c data : 9f e8
5477. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
5478. 002e data : 08 00 2b 10 48 60
5479. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5480. 0034 version: 00000002
5481. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5482. 000000 smb_io_rpc_hdr
5483. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5484. 0000 major : 05
5485. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5486. 0001 minor : 00
5487. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5488. 0002 pkt_type : 0c
5489. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5490. 0003 flags : 03
5491. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5492. 0004 pack_type0: 10
5493. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5494. 0005 pack_type1: 00
5495. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5496. 0006 pack_type2: 00
5497. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5498. 0007 pack_type3: 00
5499. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5500. 0008 frag_len : 0048
5501. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5502. 000a auth_len : 0000
5503. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5504. 000c call_id : 00000001
5505. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
5506. write_to_pipe: data_used = 56
5507. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
5508. writeX-IPC pnum=7717 nwritten=72
5509. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5510. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5511. size=47
5512. smb_com=0x2f
5513. smb_rcls=0
5514. smb_reh=0
5515. smb_err=0
5516. smb_flg=136
5517. smb_flg2=51201
5518. smb_tid=1
5519. smb_pid=65279
5520. smb_uid=100
5521. smb_mid=1280
5522. smt_wct=6
5523. smb_vwv[ 0]= 255 (0xFF)
5524. smb_vwv[ 1]= 0 (0x0)
5525. smb_vwv[ 2]= 72 (0x48)
5526. smb_vwv[ 3]= 0 (0x0)
5527. smb_vwv[ 4]= 0 (0x0)
5528. smb_vwv[ 5]= 0 (0x0)
5529. smb_bcc=0
5530. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5531. run_events: Nothing to do
5532. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5533. run_events: Nothing to do
5534. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5535. got smb length of 59
5536. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5537. got message type 0x0 of len 0x3b
5538. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5539. Transaction 21 of length 63 (0 toread)
5540. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5541. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5542. size=59
5543. smb_com=0x2e
5544. smb_rcls=0
5545. smb_reh=0
5546. smb_err=0
5547. smb_flg=24
5548. smb_flg2=51207
5549. smb_tid=1
5550. smb_pid=65279
5551. smb_uid=100
5552. smb_mid=1344
5553. smt_wct=12
5554. smb_vwv[ 0]= 255 (0xFF)
5555. smb_vwv[ 1]=57054 (0xDEDE)
5556. smb_vwv[ 2]=30487 (0x7717)
5557. smb_vwv[ 3]= 0 (0x0)
5558. smb_vwv[ 4]= 0 (0x0)
5559. smb_vwv[ 5]= 1024 (0x400)
5560. smb_vwv[ 6]= 1024 (0x400)
5561. smb_vwv[ 7]=65535 (0xFFFF)
5562. smb_vwv[ 8]=65535 (0xFFFF)
5563. smb_vwv[ 9]= 1024 (0x400)
5564. smb_vwv[10]= 0 (0x0)
5565. smb_vwv[11]= 0 (0x0)
5566. smb_bcc=0
5567. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5568. switch message SMBreadX (pid 21948) conn 0x10fd8d0
5569. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
5570. created /tmp/SMBreadX.70.req len 63
5571. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5572. change_to_user: Skipping user change - already user
5573. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
5574. search for pipe pnum=7717
5575. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5576. pipe name NETLOGON pnum=7717 (pipes_open=2)
5577. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5578. pipe name lsarpc pnum=7715 (pipes_open=2)
5579. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
5580. read_from_pipe: 7717 name: NETLOGON len: 1024
5581. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
5582. read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes.
5583. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
5584. readX-IPC pnum=7717 min=1024 max=1024 nread=72
5585. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5586. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5587. size=131
5588. smb_com=0x2e
5589. smb_rcls=0
5590. smb_reh=0
5591. smb_err=0
5592. smb_flg=136
5593. smb_flg2=51201
5594. smb_tid=1
5595. smb_pid=65279
5596. smb_uid=100
5597. smb_mid=1344
5598. smt_wct=12
5599. smb_vwv[ 0]= 255 (0xFF)
5600. smb_vwv[ 1]= 0 (0x0)
5601. smb_vwv[ 2]= 0 (0x0)
5602. smb_vwv[ 3]= 0 (0x0)
5603. smb_vwv[ 4]= 0 (0x0)
5604. smb_vwv[ 5]= 72 (0x48)
5605. smb_vwv[ 6]= 59 (0x3B)
5606. smb_vwv[ 7]= 0 (0x0)
5607. smb_vwv[ 8]= 0 (0x0)
5608. smb_vwv[ 9]= 0 (0x0)
5609. smb_vwv[10]= 0 (0x0)
5610. smb_vwv[11]= 0 (0x0)
5611. smb_bcc=72
5612. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5613. [000] 05 00 0C 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
5614. [010] B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
5615. [020] 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 00 netlogon ........
5616. [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
5617. [040] 2B 10 48 60 02 00 00 00 +.H`....
5618. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5619. run_events: Nothing to do
5620. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5621. run_events: Nothing to do
5622. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5623. got smb length of 194
5624. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5625. got message type 0x0 of len 0xc2
5626. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5627. Transaction 22 of length 198 (0 toread)
5628. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5629. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5630. size=194
5631. smb_com=0x25
5632. smb_rcls=0
5633. smb_reh=0
5634. smb_err=0
5635. smb_flg=24
5636. smb_flg2=51207
5637. smb_tid=1
5638. smb_pid=1332
5639. smb_uid=100
5640. smb_mid=1408
5641. smt_wct=16
5642. smb_vwv[ 0]= 0 (0x0)
5643. smb_vwv[ 1]= 110 (0x6E)
5644. smb_vwv[ 2]= 0 (0x0)
5645. smb_vwv[ 3]= 1024 (0x400)
5646. smb_vwv[ 4]= 0 (0x0)
5647. smb_vwv[ 5]= 0 (0x0)
5648. smb_vwv[ 6]= 0 (0x0)
5649. smb_vwv[ 7]= 0 (0x0)
5650. smb_vwv[ 8]= 0 (0x0)
5651. smb_vwv[ 9]= 0 (0x0)
5652. smb_vwv[10]= 84 (0x54)
5653. smb_vwv[11]= 110 (0x6E)
5654. smb_vwv[12]= 84 (0x54)
5655. smb_vwv[13]= 2 (0x2)
5656. smb_vwv[14]= 38 (0x26)
5657. smb_vwv[15]=30487 (0x7717)
5658. smb_bcc=127
5659. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5660. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
5661. [010] 00 05 00 00 03 10 00 00 00 6E 00 00 00 01 00 00 ........ .n......
5662. [020] 00 56 00 00 00 00 00 04 00 00 00 02 00 0C 00 00 .V...... ........
5663. [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 ........ .\.\.H.D
5664. [040] 00 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 .S.-.L.I .N.U.X..
5665. [050] 00 0D 00 00 00 00 00 00 00 0D 00 00 00 48 00 44 ........ .....H.D
5666. [060] 00 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F .S.-.V.I .R.T.B.O
5667. [070] 00 58 00 31 00 00 00 91 EB 96 8E 75 4D E0 91 .X.1.... ...uM..
5668. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5669. switch message SMBtrans (pid 21948) conn 0x10fd8d0
5670. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5671. change_to_user: Skipping user change - already user
5672. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
5673. trans <\PIPE\> data=110 params=0 setup=2
5674. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
5675. calling named_pipe
5676. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
5677. named pipe command on <> name
5678. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
5679. api_fd_reply
5680. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
5681. search for pipe pnum=7717
5682. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5683. pipe name NETLOGON pnum=7717 (pipes_open=2)
5684. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5685. pipe name lsarpc pnum=7715 (pipes_open=2)
5686. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
5687. Got API command 0x26 on pipe "NETLOGON" (pnum 7717)
5688. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
5689. api_fd_reply: p:0x111ef10 max_trans_reply: 1024
5690. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
5691. write_to_pipe: 7717 name: NETLOGON open: Yes len: 110
5692. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
5693. [000] 05 00 00 03 10 00 00 00 6E 00 00 00 01 00 00 00 ........ n.......
5694. [010] 56 00 00 00 00 00 04 00 00 00 02 00 0C 00 00 00 V....... ........
5695. [020] 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 00 ........ \.\.H.D.
5696. [030] 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 00 S.-.L.I. N.U.X...
5697. [040] 0D 00 00 00 00 00 00 00 0D 00 00 00 48 00 44 00 ........ ....H.D.
5698. [050] 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F 00 S.-.V.I. R.T.B.O.
5699. [060] 58 00 31 00 00 00 91 EB 96 8E 75 4D E0 91 X.1..... ..uM..
5700. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
5701. write_to_pipe: data_left = 110
5702. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
5703. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 110
5704. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
5705. fill_rpc_header: data_to_copy = 110, len_needed_to_complete_hdr = 16, receive_len = 0
5706. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
5707. write_to_pipe: data_used = 16
5708. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
5709. write_to_pipe: data_left = 94
5710. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
5711. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 94
5712. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5713. 000000 smb_io_rpc_hdr
5714. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5715. 0000 major : 05
5716. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5717. 0001 minor : 00
5718. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5719. 0002 pkt_type : 00
5720. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5721. 0003 flags : 03
5722. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5723. 0004 pack_type0: 10
5724. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5725. 0005 pack_type1: 00
5726. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5727. 0006 pack_type2: 00
5728. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5729. 0007 pack_type3: 00
5730. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5731. 0008 frag_len : 006e
5732. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5733. 000a auth_len : 0000
5734. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5735. 000c call_id : 00000001
5736. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
5737. unmarshall_rpc_header: using little-endian RPC
5738. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
5739. unmarshall_rpc_header: type = 0, flags = 3
5740. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
5741. write_to_pipe: data_used = 0
5742. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
5743. write_to_pipe: data_left = 94
5744. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
5745. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 94, incoming data = 94
5746. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
5747. process_complete_pdu: processing packet type 0
5748. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5749. 000000 smb_io_rpc_hdr_req req
5750. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5751. 0000 alloc_hint: 00000056
5752. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5753. 0004 context_id: 0000
5754. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5755. 0006 opnum : 0004
5756. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
5757. free_pipe_context: destroying talloc pool of size 76
5758. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
5759. Requested \PIPE\NETLOGON
5760. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
5761. api_rpcTNP: NETLOGON op 0x4 - created /tmp/in_NETLOGON_4.17.prs
5762. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
5763. api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE
5764. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
5765. api_rpc_cmds[4].fn == 0x5083d8
5766. netr_ServerReqChallenge: struct netr_ServerReqChallenge
5767. in: struct netr_ServerReqChallenge
5768. server_name : *
5769. server_name : '\\HDS-LINUX'
5770. computer_name : 'HDS-VIRTBOX1'
5771. credentials : *
5772. credentials: struct netr_Credential
5773. data : 91eb968e754de091
5774. [2010/02/14 20:52:57, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41)
5775. init_net_r_req_chal: 41
5776. netr_ServerReqChallenge: struct netr_ServerReqChallenge
5777. out: struct netr_ServerReqChallenge
5778. return_credentials : *
5779. return_credentials: struct netr_Credential
5780. data : 0e180ab05334a0ce
5781. result : NT_STATUS_OK
5782. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
5783. created /tmp/out_NETLOGON_4.17.prs
5784. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
5785. api_rpcTNP: called NETLOGON successfully
5786. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
5787. free_pipe_context: destroying talloc pool of size 0
5788. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
5789. write_to_pipe: data_used = 94
5790. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
5791. read_from_pipe: 7717 name: NETLOGON len: 1024
5792. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
5793. read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12.
5794. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5795. 000000 smb_io_rpc_hdr hdr
5796. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5797. 0000 major : 05
5798. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5799. 0001 minor : 00
5800. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5801. 0002 pkt_type : 02
5802. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5803. 0003 flags : 03
5804. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5805. 0004 pack_type0: 10
5806. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5807. 0005 pack_type1: 00
5808. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5809. 0006 pack_type2: 00
5810. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5811. 0007 pack_type3: 00
5812. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5813. 0008 frag_len : 0024
5814. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5815. 000a auth_len : 0000
5816. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5817. 000c call_id : 00000001
5818. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
5819. 000010 smb_io_rpc_hdr_resp resp
5820. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
5821. 0010 alloc_hint: 0000000c
5822. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
5823. 0014 context_id: 0000
5824. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5825. 0016 cancel_ct : 00
5826. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
5827. 0017 reserved : 00
5828. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
5829. copy_trans_params_and_data: params[0..0] data[0..36] (align 0)
5830. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5831. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5832. size=92
5833. smb_com=0x25
5834. smb_rcls=0
5835. smb_reh=0
5836. smb_err=0
5837. smb_flg=136
5838. smb_flg2=51201
5839. smb_tid=1
5840. smb_pid=1332
5841. smb_uid=100
5842. smb_mid=1408
5843. smt_wct=10
5844. smb_vwv[ 0]= 0 (0x0)
5845. smb_vwv[ 1]= 36 (0x24)
5846. smb_vwv[ 2]= 0 (0x0)
5847. smb_vwv[ 3]= 0 (0x0)
5848. smb_vwv[ 4]= 56 (0x38)
5849. smb_vwv[ 5]= 0 (0x0)
5850. smb_vwv[ 6]= 36 (0x24)
5851. smb_vwv[ 7]= 56 (0x38)
5852. smb_vwv[ 8]= 0 (0x0)
5853. smb_vwv[ 9]= 0 (0x0)
5854. smb_bcc=37
5855. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5856. [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$......
5857. [010] 00 0C 00 00 00 00 00 00 00 0E 18 0A B0 53 34 A0 ........ .....S4.
5858. [020] CE 00 00 00 00 .....
5859. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5860. run_events: Nothing to do
5861. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5862. run_events: Nothing to do
5863. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5864. got smb length of 41
5865. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5866. got message type 0x0 of len 0x29
5867. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5868. Transaction 23 of length 45 (0 toread)
5869. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5870. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5871. size=41
5872. smb_com=0x4
5873. smb_rcls=0
5874. smb_reh=0
5875. smb_err=0
5876. smb_flg=24
5877. smb_flg2=51207
5878. smb_tid=1
5879. smb_pid=65279
5880. smb_uid=100
5881. smb_mid=1472
5882. smt_wct=3
5883. smb_vwv[ 0]=30487 (0x7717)
5884. smb_vwv[ 1]=65535 (0xFFFF)
5885. smb_vwv[ 2]=65535 (0xFFFF)
5886. smb_bcc=0
5887. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5888. switch message SMBclose (pid 21948) conn 0x10fd8d0
5889. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
5890. created /tmp/SMBclose.69.req len 45
5891. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5892. change_to_user: Skipping user change - already user
5893. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
5894. search for pipe pnum=7717
5895. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5896. pipe name NETLOGON pnum=7717 (pipes_open=2)
5897. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
5898. pipe name lsarpc pnum=7715 (pipes_open=2)
5899. [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
5900. reply_pipe_close: pnum:7717
5901. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
5902. close_policy_by_pipe: deleted handle list for pipe NETLOGON
5903. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
5904. closed pipe name NETLOGON pnum=7717 (pipes_open=1)
5905. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
5906. Locking key 4E45544C4F474F4E2F32313934382F333034383700
5907. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
5908. Allocated locked data 0x0x111d6d0
5909. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
5910. Unlocking key 4E45544C4F474F4E2F32313934382F333034383700
5911. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5912. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5913. size=35
5914. smb_com=0x4
5915. smb_rcls=0
5916. smb_reh=0
5917. smb_err=0
5918. smb_flg=136
5919. smb_flg2=51201
5920. smb_tid=1
5921. smb_pid=65279
5922. smb_uid=100
5923. smb_mid=1472
5924. smt_wct=0
5925. smb_bcc=0
5926. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5927. run_events: Nothing to do
5928. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
5929. run_events: Nothing to do
5930. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
5931. got smb length of 104
5932. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
5933. got message type 0x0 of len 0x68
5934. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
5935. Transaction 24 of length 108 (0 toread)
5936. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
5937. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
5938. size=104
5939. smb_com=0xa2
5940. smb_rcls=0
5941. smb_reh=0
5942. smb_err=0
5943. smb_flg=24
5944. smb_flg2=51207
5945. smb_tid=1
5946. smb_pid=1332
5947. smb_uid=100
5948. smb_mid=1536
5949. smt_wct=24
5950. smb_vwv[ 0]= 255 (0xFF)
5951. smb_vwv[ 1]=57054 (0xDEDE)
5952. smb_vwv[ 2]= 4608 (0x1200)
5953. smb_vwv[ 3]= 5632 (0x1600)
5954. smb_vwv[ 4]= 0 (0x0)
5955. smb_vwv[ 5]= 0 (0x0)
5956. smb_vwv[ 6]= 0 (0x0)
5957. smb_vwv[ 7]=40704 (0x9F00)
5958. smb_vwv[ 8]= 513 (0x201)
5959. smb_vwv[ 9]= 0 (0x0)
5960. smb_vwv[10]= 0 (0x0)
5961. smb_vwv[11]= 0 (0x0)
5962. smb_vwv[12]= 0 (0x0)
5963. smb_vwv[13]= 0 (0x0)
5964. smb_vwv[14]= 0 (0x0)
5965. smb_vwv[15]= 768 (0x300)
5966. smb_vwv[16]= 0 (0x0)
5967. smb_vwv[17]= 256 (0x100)
5968. smb_vwv[18]= 0 (0x0)
5969. smb_vwv[19]=16384 (0x4000)
5970. smb_vwv[20]=16384 (0x4000)
5971. smb_vwv[21]= 512 (0x200)
5972. smb_vwv[22]= 0 (0x0)
5973. smb_vwv[23]= 256 (0x100)
5974. smb_bcc=21
5975. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
5976. [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O
5977. [010] 00 4E 00 00 00 .N...
5978. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
5979. switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
5980. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
5981. created /tmp/SMBntcreateX.71.req len 108
5982. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
5983. change_to_user: Skipping user change - already user
5984. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
5985. reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON
5986. [2010/02/14 20:52:57, 4] smbd/nttrans.c:nt_open_pipe(295)
5987. nt_open_pipe: Opening pipe \NETLOGON.
5988. [2010/02/14 20:52:57, 3] smbd/nttrans.c:nt_open_pipe(320)
5989. nt_open_pipe: Known pipe NETLOGON opening.
5990. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
5991. Open pipe requested NETLOGON (pipes_open=1)
5992. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
5993. open_rpc_pipe_p: name lsarpc pnum=7715
5994. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
5995. Create pipe requested NETLOGON
5996. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
5997. init_pipe_handles: created handle list for pipe NETLOGON
5998. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
5999. init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON
6000. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
6001. Created internal pipe NETLOGON (pipes_open=1)
6002. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
6003. Opened pipe NETLOGON with handle 7718 (pipes_open=2)
6004. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
6005. open pipes: name NETLOGON pnum=7718
6006. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
6007. open pipes: name lsarpc pnum=7715
6008. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
6009. Locking key 4E45544C4F474F4E2F32313934382F333034383800
6010. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
6011. Allocated locked data 0x0x111d6d0
6012. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
6013. Unlocking key 4E45544C4F474F4E2F32313934382F333034383800
6014. [2010/02/14 20:52:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
6015. do_ntcreate_pipe_open: open pipe = \NETLOGON
6016. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6017. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6018. size=135
6019. smb_com=0xa2
6020. smb_rcls=0
6021. smb_reh=0
6022. smb_err=0
6023. smb_flg=136
6024. smb_flg2=51201
6025. smb_tid=1
6026. smb_pid=1332
6027. smb_uid=100
6028. smb_mid=1536
6029. smt_wct=42
6030. smb_vwv[ 0]= 255 (0xFF)
6031. smb_vwv[ 1]= 0 (0x0)
6032. smb_vwv[ 2]= 6144 (0x1800)
6033. smb_vwv[ 3]= 375 (0x177)
6034. smb_vwv[ 4]= 0 (0x0)
6035. smb_vwv[ 5]= 0 (0x0)
6036. smb_vwv[ 6]= 0 (0x0)
6037. smb_vwv[ 7]= 0 (0x0)
6038. smb_vwv[ 8]= 0 (0x0)
6039. smb_vwv[ 9]= 0 (0x0)
6040. smb_vwv[10]= 0 (0x0)
6041. smb_vwv[11]= 0 (0x0)
6042. smb_vwv[12]= 0 (0x0)
6043. smb_vwv[13]= 0 (0x0)
6044. smb_vwv[14]= 0 (0x0)
6045. smb_vwv[15]= 0 (0x0)
6046. smb_vwv[16]= 0 (0x0)
6047. smb_vwv[17]= 0 (0x0)
6048. smb_vwv[18]= 0 (0x0)
6049. smb_vwv[19]= 0 (0x0)
6050. smb_vwv[20]= 0 (0x0)
6051. smb_vwv[21]=32768 (0x8000)
6052. smb_vwv[22]= 0 (0x0)
6053. smb_vwv[23]= 0 (0x0)
6054. smb_vwv[24]= 0 (0x0)
6055. smb_vwv[25]= 0 (0x0)
6056. smb_vwv[26]= 0 (0x0)
6057. smb_vwv[27]= 0 (0x0)
6058. smb_vwv[28]= 0 (0x0)
6059. smb_vwv[29]= 0 (0x0)
6060. smb_vwv[30]= 0 (0x0)
6061. smb_vwv[31]= 512 (0x200)
6062. smb_vwv[32]=65280 (0xFF00)
6063. smb_vwv[33]= 5 (0x5)
6064. smb_vwv[34]= 0 (0x0)
6065. smb_vwv[35]= 0 (0x0)
6066. smb_vwv[36]= 0 (0x0)
6067. smb_vwv[37]= 0 (0x0)
6068. smb_vwv[38]= 0 (0x0)
6069. smb_vwv[39]= 0 (0x0)
6070. smb_vwv[40]= 0 (0x0)
6071. smb_vwv[41]= 0 (0x0)
6072. smb_bcc=0
6073. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6074. run_events: Nothing to do
6075. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6076. run_events: Nothing to do
6077. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
6078. got smb length of 136
6079. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
6080. got message type 0x0 of len 0x88
6081. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
6082. Transaction 25 of length 140 (0 toread)
6083. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6084. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6085. size=136
6086. smb_com=0x2f
6087. smb_rcls=0
6088. smb_reh=0
6089. smb_err=0
6090. smb_flg=24
6091. smb_flg2=51207
6092. smb_tid=1
6093. smb_pid=65279
6094. smb_uid=100
6095. smb_mid=1600
6096. smt_wct=14
6097. smb_vwv[ 0]= 255 (0xFF)
6098. smb_vwv[ 1]=57054 (0xDEDE)
6099. smb_vwv[ 2]=30488 (0x7718)
6100. smb_vwv[ 3]= 0 (0x0)
6101. smb_vwv[ 4]= 0 (0x0)
6102. smb_vwv[ 5]=65535 (0xFFFF)
6103. smb_vwv[ 6]=65535 (0xFFFF)
6104. smb_vwv[ 7]= 8 (0x8)
6105. smb_vwv[ 8]= 72 (0x48)
6106. smb_vwv[ 9]= 0 (0x0)
6107. smb_vwv[10]= 72 (0x48)
6108. smb_vwv[11]= 64 (0x40)
6109. smb_vwv[12]= 0 (0x0)
6110. smb_vwv[13]= 0 (0x0)
6111. smb_bcc=73
6112. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
6113. [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
6114. [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
6115. [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg.
6116. [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
6117. [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
6118. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
6119. switch message SMBwriteX (pid 21948) conn 0x10fd8d0
6120. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
6121. created /tmp/SMBwriteX.71.req len 140
6122. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
6123. change_to_user: Skipping user change - already user
6124. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
6125. search for pipe pnum=7718
6126. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6127. pipe name NETLOGON pnum=7718 (pipes_open=2)
6128. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6129. pipe name lsarpc pnum=7715 (pipes_open=2)
6130. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
6131. write_to_pipe: 7718 name: NETLOGON open: Yes len: 72
6132. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
6133. [000] 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
6134. [010] B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 ........ ........
6135. [020] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg..
6136. [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
6137. [040] 2B 10 48 60 02 00 00 00 +.H`....
6138. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6139. write_to_pipe: data_left = 72
6140. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6141. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
6142. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
6143. fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
6144. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6145. write_to_pipe: data_used = 16
6146. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6147. write_to_pipe: data_left = 56
6148. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6149. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
6150. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6151. 000000 smb_io_rpc_hdr
6152. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6153. 0000 major : 05
6154. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6155. 0001 minor : 00
6156. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6157. 0002 pkt_type : 0b
6158. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6159. 0003 flags : 03
6160. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6161. 0004 pack_type0: 10
6162. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6163. 0005 pack_type1: 00
6164. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6165. 0006 pack_type2: 00
6166. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6167. 0007 pack_type3: 00
6168. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6169. 0008 frag_len : 0048
6170. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6171. 000a auth_len : 0000
6172. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6173. 000c call_id : 00000001
6174. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
6175. unmarshall_rpc_header: using little-endian RPC
6176. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
6177. unmarshall_rpc_header: type = 11, flags = 3
6178. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6179. write_to_pipe: data_used = 0
6180. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6181. write_to_pipe: data_left = 56
6182. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6183. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
6184. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
6185. process_complete_pdu: processing packet type 11
6186. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
6187. api_pipe_bind_req: decode request. 1553
6188. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
6189. api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
6190. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6191. 000000 smb_io_rpc_hdr_rb
6192. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6193. 000000 smb_io_rpc_hdr_bba
6194. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6195. 0000 max_tsize: 10b8
6196. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6197. 0002 max_rsize: 10b8
6198. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6199. 0004 assoc_gid: 00000000
6200. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6201. 0008 num_contexts: 01
6202. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6203. 000c context_id : 0000
6204. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6205. 000e num_transfer_syntaxes: 01
6206. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6207. 00000f smb_io_rpc_iface
6208. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
6209. 000010 smb_io_uuid uuid
6210. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6211. 0010 data : 12345678
6212. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6213. 0014 data : 1234
6214. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6215. 0016 data : abcd
6216. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6217. 0018 data : ef 00
6218. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6219. 001a data : 01 23 45 67 cf fb
6220. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6221. 0020 version: 00000001
6222. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6223. 000024 smb_io_rpc_iface
6224. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
6225. 000024 smb_io_uuid uuid
6226. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6227. 0024 data : 8a885d04
6228. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6229. 0028 data : 1ceb
6230. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6231. 002a data : 11c9
6232. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6233. 002c data : 9f e8
6234. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6235. 002e data : 08 00 2b 10 48 60
6236. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6237. 0034 version: 00000002
6238. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
6239. api_pipe_bind_req: make response. 1608
6240. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:check_bind_req(991)
6241. check_bind_req for \PIPE\NETLOGON
6242. checking \PIPE\lsarpc
6243. checking \PIPE\lsarpc
6244. checking \PIPE\samr
6245. checking \PIPE\NETLOGON
6246. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6247. 000000 smb_io_rpc_hdr_ba
6248. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6249. 000000 smb_io_rpc_hdr_bba
6250. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6251. 0000 max_tsize: 10b8
6252. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6253. 0002 max_rsize: 10b8
6254. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6255. 0004 assoc_gid: 000053f0
6256. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6257. 000008 smb_io_rpc_addr_str
6258. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6259. 0008 len: 000f
6260. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6261. 000a str: \PIPE\netlogon.
6262. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6263. 000019 smb_io_rpc_results
6264. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6265. 001c num_results: 01
6266. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6267. 0020 result : 0000
6268. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6269. 0022 reason : 0000
6270. [2010/02/14 20:52:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
6271. 000024 smb_io_rpc_iface
6272. [2010/02/14 20:52:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
6273. 000024 smb_io_uuid uuid
6274. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6275. 0024 data : 8a885d04
6276. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6277. 0028 data : 1ceb
6278. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6279. 002a data : 11c9
6280. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6281. 002c data : 9f e8
6282. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
6283. 002e data : 08 00 2b 10 48 60
6284. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6285. 0034 version: 00000002
6286. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6287. 000000 smb_io_rpc_hdr
6288. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6289. 0000 major : 05
6290. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6291. 0001 minor : 00
6292. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6293. 0002 pkt_type : 0c
6294. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6295. 0003 flags : 03
6296. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6297. 0004 pack_type0: 10
6298. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6299. 0005 pack_type1: 00
6300. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6301. 0006 pack_type2: 00
6302. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6303. 0007 pack_type3: 00
6304. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6305. 0008 frag_len : 0048
6306. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6307. 000a auth_len : 0000
6308. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6309. 000c call_id : 00000001
6310. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6311. write_to_pipe: data_used = 56
6312. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
6313. writeX-IPC pnum=7718 nwritten=72
6314. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6315. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6316. size=47
6317. smb_com=0x2f
6318. smb_rcls=0
6319. smb_reh=0
6320. smb_err=0
6321. smb_flg=136
6322. smb_flg2=51201
6323. smb_tid=1
6324. smb_pid=65279
6325. smb_uid=100
6326. smb_mid=1600
6327. smt_wct=6
6328. smb_vwv[ 0]= 255 (0xFF)
6329. smb_vwv[ 1]= 0 (0x0)
6330. smb_vwv[ 2]= 72 (0x48)
6331. smb_vwv[ 3]= 0 (0x0)
6332. smb_vwv[ 4]= 0 (0x0)
6333. smb_vwv[ 5]= 0 (0x0)
6334. smb_bcc=0
6335. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6336. run_events: Nothing to do
6337. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6338. run_events: Nothing to do
6339. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
6340. got smb length of 59
6341. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
6342. got message type 0x0 of len 0x3b
6343. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
6344. Transaction 26 of length 63 (0 toread)
6345. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6346. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6347. size=59
6348. smb_com=0x2e
6349. smb_rcls=0
6350. smb_reh=0
6351. smb_err=0
6352. smb_flg=24
6353. smb_flg2=51207
6354. smb_tid=1
6355. smb_pid=65279
6356. smb_uid=100
6357. smb_mid=1664
6358. smt_wct=12
6359. smb_vwv[ 0]= 255 (0xFF)
6360. smb_vwv[ 1]=57054 (0xDEDE)
6361. smb_vwv[ 2]=30488 (0x7718)
6362. smb_vwv[ 3]= 0 (0x0)
6363. smb_vwv[ 4]= 0 (0x0)
6364. smb_vwv[ 5]= 1024 (0x400)
6365. smb_vwv[ 6]= 1024 (0x400)
6366. smb_vwv[ 7]=65535 (0xFFFF)
6367. smb_vwv[ 8]=65535 (0xFFFF)
6368. smb_vwv[ 9]= 1024 (0x400)
6369. smb_vwv[10]= 0 (0x0)
6370. smb_vwv[11]= 0 (0x0)
6371. smb_bcc=0
6372. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
6373. switch message SMBreadX (pid 21948) conn 0x10fd8d0
6374. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
6375. created /tmp/SMBreadX.71.req len 63
6376. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
6377. change_to_user: Skipping user change - already user
6378. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
6379. search for pipe pnum=7718
6380. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6381. pipe name NETLOGON pnum=7718 (pipes_open=2)
6382. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6383. pipe name lsarpc pnum=7715 (pipes_open=2)
6384. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
6385. read_from_pipe: 7718 name: NETLOGON len: 1024
6386. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
6387. read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes.
6388. [2010/02/14 20:52:57, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
6389. readX-IPC pnum=7718 min=1024 max=1024 nread=72
6390. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6391. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6392. size=131
6393. smb_com=0x2e
6394. smb_rcls=0
6395. smb_reh=0
6396. smb_err=0
6397. smb_flg=136
6398. smb_flg2=51201
6399. smb_tid=1
6400. smb_pid=65279
6401. smb_uid=100
6402. smb_mid=1664
6403. smt_wct=12
6404. smb_vwv[ 0]= 255 (0xFF)
6405. smb_vwv[ 1]= 0 (0x0)
6406. smb_vwv[ 2]= 0 (0x0)
6407. smb_vwv[ 3]= 0 (0x0)
6408. smb_vwv[ 4]= 0 (0x0)
6409. smb_vwv[ 5]= 72 (0x48)
6410. smb_vwv[ 6]= 59 (0x3B)
6411. smb_vwv[ 7]= 0 (0x0)
6412. smb_vwv[ 8]= 0 (0x0)
6413. smb_vwv[ 9]= 0 (0x0)
6414. smb_vwv[10]= 0 (0x0)
6415. smb_vwv[11]= 0 (0x0)
6416. smb_bcc=72
6417. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
6418. [000] 05 00 0C 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H.......
6419. [010] B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 5C .....S.. ..\PIPE\
6420. [020] 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 00 netlogon ........
6421. [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........
6422. [040] 2B 10 48 60 02 00 00 00 +.H`....
6423. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6424. run_events: Nothing to do
6425. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6426. run_events: Nothing to do
6427. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
6428. got smb length of 238
6429. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
6430. got message type 0x0 of len 0xee
6431. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
6432. Transaction 27 of length 242 (0 toread)
6433. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6434. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6435. size=238
6436. smb_com=0x25
6437. smb_rcls=0
6438. smb_reh=0
6439. smb_err=0
6440. smb_flg=24
6441. smb_flg2=51207
6442. smb_tid=1
6443. smb_pid=1332
6444. smb_uid=100
6445. smb_mid=1728
6446. smt_wct=16
6447. smb_vwv[ 0]= 0 (0x0)
6448. smb_vwv[ 1]= 154 (0x9A)
6449. smb_vwv[ 2]= 0 (0x0)
6450. smb_vwv[ 3]= 1024 (0x400)
6451. smb_vwv[ 4]= 0 (0x0)
6452. smb_vwv[ 5]= 0 (0x0)
6453. smb_vwv[ 6]= 0 (0x0)
6454. smb_vwv[ 7]= 0 (0x0)
6455. smb_vwv[ 8]= 0 (0x0)
6456. smb_vwv[ 9]= 0 (0x0)
6457. smb_vwv[10]= 84 (0x54)
6458. smb_vwv[11]= 154 (0x9A)
6459. smb_vwv[12]= 84 (0x54)
6460. smb_vwv[13]= 2 (0x2)
6461. smb_vwv[14]= 38 (0x26)
6462. smb_vwv[15]=30488 (0x7718)
6463. smb_bcc=171
6464. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
6465. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
6466. [010] 00 05 00 00 03 10 00 00 00 9A 00 00 00 01 00 00 ........ ........
6467. [020] 00 82 00 00 00 00 00 05 00 00 00 02 00 0C 00 00 ........ ........
6468. [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 ........ .\.\.H.D
6469. [040] 00 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 .S.-.L.I .N.U.X..
6470. [050] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 48 00 44 ........ .....H.D
6471. [060] 00 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F .S.-.V.I .R.T.B.O
6472. [070] 00 58 00 31 00 24 00 00 00 02 00 75 4D 0D 00 00 .X.1.$.. ...uM...
6473. [080] 00 00 00 00 00 0D 00 00 00 48 00 44 00 53 00 2D ........ .H.D.S.-
6474. [090] 00 56 00 49 00 52 00 54 00 42 00 4F 00 58 00 31 .V.I.R.T .B.O.X.1
6475. [0A0] 00 00 00 E8 DB 52 90 EC 3B 18 7B .....R.. ;.{
6476. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
6477. switch message SMBtrans (pid 21948) conn 0x10fd8d0
6478. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
6479. change_to_user: Skipping user change - already user
6480. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
6481. trans <\PIPE\> data=154 params=0 setup=2
6482. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
6483. calling named_pipe
6484. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
6485. named pipe command on <> name
6486. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
6487. api_fd_reply
6488. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
6489. search for pipe pnum=7718
6490. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6491. pipe name NETLOGON pnum=7718 (pipes_open=2)
6492. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6493. pipe name lsarpc pnum=7715 (pipes_open=2)
6494. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
6495. Got API command 0x26 on pipe "NETLOGON" (pnum 7718)
6496. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
6497. api_fd_reply: p:0x111d180 max_trans_reply: 1024
6498. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
6499. write_to_pipe: 7718 name: NETLOGON open: Yes len: 154
6500. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
6501. [000] 05 00 00 03 10 00 00 00 9A 00 00 00 01 00 00 00 ........ ........
6502. [010] 82 00 00 00 00 00 05 00 00 00 02 00 0C 00 00 00 ........ ........
6503. [020] 00 00 00 00 0C 00 00 00 5C 00 5C 00 48 00 44 00 ........ \.\.H.D.
6504. [030] 53 00 2D 00 4C 00 49 00 4E 00 55 00 58 00 00 00 S.-.L.I. N.U.X...
6505. [040] 0E 00 00 00 00 00 00 00 0E 00 00 00 48 00 44 00 ........ ....H.D.
6506. [050] 53 00 2D 00 56 00 49 00 52 00 54 00 42 00 4F 00 S.-.V.I. R.T.B.O.
6507. [060] 58 00 31 00 24 00 00 00 02 00 75 4D 0D 00 00 00 X.1.$... ..uM....
6508. [070] 00 00 00 00 0D 00 00 00 48 00 44 00 53 00 2D 00 ........ H.D.S.-.
6509. [080] 56 00 49 00 52 00 54 00 42 00 4F 00 58 00 31 00 V.I.R.T. B.O.X.1.
6510. [090] 00 00 E8 DB 52 90 EC 3B 18 7B ....R..; .{
6511. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6512. write_to_pipe: data_left = 154
6513. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6514. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 154
6515. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
6516. fill_rpc_header: data_to_copy = 154, len_needed_to_complete_hdr = 16, receive_len = 0
6517. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6518. write_to_pipe: data_used = 16
6519. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6520. write_to_pipe: data_left = 138
6521. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6522. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 138
6523. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6524. 000000 smb_io_rpc_hdr
6525. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6526. 0000 major : 05
6527. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6528. 0001 minor : 00
6529. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6530. 0002 pkt_type : 00
6531. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6532. 0003 flags : 03
6533. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6534. 0004 pack_type0: 10
6535. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6536. 0005 pack_type1: 00
6537. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6538. 0006 pack_type2: 00
6539. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6540. 0007 pack_type3: 00
6541. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6542. 0008 frag_len : 009a
6543. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6544. 000a auth_len : 0000
6545. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6546. 000c call_id : 00000001
6547. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
6548. unmarshall_rpc_header: using little-endian RPC
6549. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
6550. unmarshall_rpc_header: type = 0, flags = 3
6551. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6552. write_to_pipe: data_used = 0
6553. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6554. write_to_pipe: data_left = 138
6555. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6556. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 138, incoming data = 138
6557. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
6558. process_complete_pdu: processing packet type 0
6559. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6560. 000000 smb_io_rpc_hdr_req req
6561. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6562. 0000 alloc_hint: 00000082
6563. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6564. 0004 context_id: 0000
6565. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6566. 0006 opnum : 0005
6567. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
6568. free_pipe_context: destroying talloc pool of size 76
6569. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
6570. Requested \PIPE\NETLOGON
6571. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
6572. api_rpcTNP: NETLOGON op 0x5 - created /tmp/in_NETLOGON_5.17.prs
6573. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
6574. api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE
6575. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
6576. api_rpc_cmds[5].fn == 0x508188
6577. netr_ServerAuthenticate: struct netr_ServerAuthenticate
6578. in: struct netr_ServerAuthenticate
6579. server_name : *
6580. server_name : '\\HDS-LINUX'
6581. account_name : 'HDS-VIRTBOX1$'
6582. secure_channel_type : SEC_CHAN_WKSTA (2)
6583. computer_name : 'HDS-VIRTBOX1'
6584. credentials : *
6585. credentials: struct netr_Credential
6586. data : e8db5290ec3b187b
6587. netr_ServerAuthenticate: struct netr_ServerAuthenticate
6588. out: struct netr_ServerAuthenticate
6589. return_credentials : *
6590. return_credentials: struct netr_Credential
6591. data : 0000000000000000
6592. result : NT_STATUS_ACCESS_DENIED
6593. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
6594. created /tmp/out_NETLOGON_5.17.prs
6595. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
6596. api_rpcTNP: called NETLOGON successfully
6597. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
6598. free_pipe_context: destroying talloc pool of size 0
6599. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6600. write_to_pipe: data_used = 138
6601. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
6602. read_from_pipe: 7718 name: NETLOGON len: 1024
6603. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
6604. read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12.
6605. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6606. 000000 smb_io_rpc_hdr hdr
6607. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6608. 0000 major : 05
6609. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6610. 0001 minor : 00
6611. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6612. 0002 pkt_type : 02
6613. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6614. 0003 flags : 03
6615. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6616. 0004 pack_type0: 10
6617. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6618. 0005 pack_type1: 00
6619. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6620. 0006 pack_type2: 00
6621. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6622. 0007 pack_type3: 00
6623. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6624. 0008 frag_len : 0024
6625. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6626. 000a auth_len : 0000
6627. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6628. 000c call_id : 00000001
6629. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6630. 000010 smb_io_rpc_hdr_resp resp
6631. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6632. 0010 alloc_hint: 0000000c
6633. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6634. 0014 context_id: 0000
6635. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6636. 0016 cancel_ct : 00
6637. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6638. 0017 reserved : 00
6639. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
6640. copy_trans_params_and_data: params[0..0] data[0..36] (align 0)
6641. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6642. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6643. size=92
6644. smb_com=0x25
6645. smb_rcls=0
6646. smb_reh=0
6647. smb_err=0
6648. smb_flg=136
6649. smb_flg2=51201
6650. smb_tid=1
6651. smb_pid=1332
6652. smb_uid=100
6653. smb_mid=1728
6654. smt_wct=10
6655. smb_vwv[ 0]= 0 (0x0)
6656. smb_vwv[ 1]= 36 (0x24)
6657. smb_vwv[ 2]= 0 (0x0)
6658. smb_vwv[ 3]= 0 (0x0)
6659. smb_vwv[ 4]= 56 (0x38)
6660. smb_vwv[ 5]= 0 (0x0)
6661. smb_vwv[ 6]= 36 (0x24)
6662. smb_vwv[ 7]= 56 (0x38)
6663. smb_vwv[ 8]= 0 (0x0)
6664. smb_vwv[ 9]= 0 (0x0)
6665. smb_bcc=37
6666. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
6667. [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$......
6668. [010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
6669. [020] 00 22 00 00 C0 ."...
6670. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6671. run_events: Nothing to do
6672. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6673. run_events: Nothing to do
6674. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
6675. got smb length of 41
6676. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
6677. got message type 0x0 of len 0x29
6678. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
6679. Transaction 28 of length 45 (0 toread)
6680. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6681. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6682. size=41
6683. smb_com=0x4
6684. smb_rcls=0
6685. smb_reh=0
6686. smb_err=0
6687. smb_flg=24
6688. smb_flg2=51207
6689. smb_tid=1
6690. smb_pid=65279
6691. smb_uid=100
6692. smb_mid=1792
6693. smt_wct=3
6694. smb_vwv[ 0]=30488 (0x7718)
6695. smb_vwv[ 1]=65535 (0xFFFF)
6696. smb_vwv[ 2]=65535 (0xFFFF)
6697. smb_bcc=0
6698. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
6699. switch message SMBclose (pid 21948) conn 0x10fd8d0
6700. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
6701. created /tmp/SMBclose.70.req len 45
6702. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
6703. change_to_user: Skipping user change - already user
6704. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
6705. search for pipe pnum=7718
6706. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6707. pipe name NETLOGON pnum=7718 (pipes_open=2)
6708. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6709. pipe name lsarpc pnum=7715 (pipes_open=2)
6710. [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
6711. reply_pipe_close: pnum:7718
6712. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
6713. close_policy_by_pipe: deleted handle list for pipe NETLOGON
6714. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
6715. closed pipe name NETLOGON pnum=7718 (pipes_open=1)
6716. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
6717. Locking key 4E45544C4F474F4E2F32313934382F333034383800
6718. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
6719. Allocated locked data 0x0x1120a30
6720. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
6721. Unlocking key 4E45544C4F474F4E2F32313934382F333034383800
6722. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6723. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6724. size=35
6725. smb_com=0x4
6726. smb_rcls=0
6727. smb_reh=0
6728. smb_err=0
6729. smb_flg=136
6730. smb_flg2=51201
6731. smb_tid=1
6732. smb_pid=65279
6733. smb_uid=100
6734. smb_mid=1792
6735. smt_wct=0
6736. smb_bcc=0
6737. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6738. run_events: Nothing to do
6739. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6740. run_events: Nothing to do
6741. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
6742. got smb length of 128
6743. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
6744. got message type 0x0 of len 0x80
6745. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
6746. Transaction 29 of length 132 (0 toread)
6747. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6748. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6749. size=128
6750. smb_com=0x25
6751. smb_rcls=0
6752. smb_reh=0
6753. smb_err=0
6754. smb_flg=24
6755. smb_flg2=51207
6756. smb_tid=1
6757. smb_pid=1332
6758. smb_uid=100
6759. smb_mid=1856
6760. smt_wct=16
6761. smb_vwv[ 0]= 0 (0x0)
6762. smb_vwv[ 1]= 44 (0x2C)
6763. smb_vwv[ 2]= 0 (0x0)
6764. smb_vwv[ 3]= 1024 (0x400)
6765. smb_vwv[ 4]= 0 (0x0)
6766. smb_vwv[ 5]= 0 (0x0)
6767. smb_vwv[ 6]= 0 (0x0)
6768. smb_vwv[ 7]= 0 (0x0)
6769. smb_vwv[ 8]= 0 (0x0)
6770. smb_vwv[ 9]= 0 (0x0)
6771. smb_vwv[10]= 84 (0x54)
6772. smb_vwv[11]= 44 (0x2C)
6773. smb_vwv[12]= 84 (0x54)
6774. smb_vwv[13]= 2 (0x2)
6775. smb_vwv[14]= 38 (0x26)
6776. smb_vwv[15]=30485 (0x7715)
6777. smb_bcc=61
6778. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
6779. [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
6780. [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,......
6781. [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........
6782. [030] 00 00 00 00 00 78 4B A9 62 BC 55 00 00 .....xK. b.U..
6783. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
6784. switch message SMBtrans (pid 21948) conn 0x10fd8d0
6785. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
6786. change_to_user: Skipping user change - already user
6787. [2010/02/14 20:52:57, 3] smbd/ipc.c:handle_trans(436)
6788. trans <\PIPE\> data=44 params=0 setup=2
6789. [2010/02/14 20:52:57, 5] smbd/ipc.c:handle_trans(469)
6790. calling named_pipe
6791. [2010/02/14 20:52:57, 3] smbd/ipc.c:named_pipe(387)
6792. named pipe command on <> name
6793. [2010/02/14 20:52:57, 5] smbd/ipc.c:api_fd_reply(307)
6794. api_fd_reply
6795. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
6796. search for pipe pnum=7715
6797. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
6798. pipe name lsarpc pnum=7715 (pipes_open=1)
6799. [2010/02/14 20:52:57, 3] smbd/ipc.c:api_fd_reply(345)
6800. Got API command 0x26 on pipe "lsarpc" (pnum 7715)
6801. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
6802. api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
6803. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
6804. write_to_pipe: 7715 name: lsarpc open: Yes len: 44
6805. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
6806. [000] 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 ........ ,.......
6807. [010] 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........
6808. [020] 00 00 00 00 78 4B A9 62 BC 55 00 00 ....xK.b .U..
6809. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6810. write_to_pipe: data_left = 44
6811. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6812. process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
6813. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
6814. fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
6815. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6816. write_to_pipe: data_used = 16
6817. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6818. write_to_pipe: data_left = 28
6819. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6820. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
6821. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6822. 000000 smb_io_rpc_hdr
6823. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6824. 0000 major : 05
6825. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6826. 0001 minor : 00
6827. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6828. 0002 pkt_type : 00
6829. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6830. 0003 flags : 03
6831. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6832. 0004 pack_type0: 10
6833. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6834. 0005 pack_type1: 00
6835. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6836. 0006 pack_type2: 00
6837. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6838. 0007 pack_type3: 00
6839. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6840. 0008 frag_len : 002c
6841. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6842. 000a auth_len : 0000
6843. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6844. 000c call_id : 00000004
6845. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
6846. unmarshall_rpc_header: using little-endian RPC
6847. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
6848. unmarshall_rpc_header: type = 0, flags = 3
6849. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6850. write_to_pipe: data_used = 0
6851. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
6852. write_to_pipe: data_left = 28
6853. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
6854. process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
6855. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
6856. process_complete_pdu: processing packet type 0
6857. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6858. 000000 smb_io_rpc_hdr_req req
6859. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6860. 0000 alloc_hint: 00000014
6861. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6862. 0004 context_id: 0000
6863. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6864. 0006 opnum : 0000
6865. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
6866. free_pipe_context: destroying talloc pool of size 0
6867. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262)
6868. Requested \PIPE\lsarpc
6869. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
6870. api_rpcTNP: lsarpc op 0x0 - created /tmp/in_lsarpc_0.18.prs
6871. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
6872. api_rpcTNP: rpc command: LSA_CLOSE
6873. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
6874. api_rpc_cmds[0].fn == 0x4e37d8
6875. lsa_Close: struct lsa_Close
6876. in: struct lsa_Close
6877. handle : *
6878. handle: struct policy_handle
6879. handle_type : 0x00000000 (0)
6880. uuid : 00000001-0000-0000-784b-a962bc550000
6881. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
6882. Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
6883. [010] BC 55 00 00 .U..
6884. [2010/02/14 20:52:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
6885. Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 78 4B A9 62 ........ ....xK.b
6886. [010] BC 55 00 00 .U..
6887. [2010/02/14 20:52:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
6888. Closed policy
6889. lsa_Close: struct lsa_Close
6890. out: struct lsa_Close
6891. handle : *
6892. handle: struct policy_handle
6893. handle_type : 0x00000000 (0)
6894. uuid : 00000000-0000-0000-0000-000000000000
6895. result : NT_STATUS_OK
6896. [2010/02/14 20:52:57, 0] rpc_parse/parse_prs.c:prs_dump_region(73)
6897. created /tmp/out_lsarpc_0.18.prs
6898. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
6899. api_rpcTNP: called lsarpc successfully
6900. [2010/02/14 20:52:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
6901. free_pipe_context: destroying talloc pool of size 0
6902. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
6903. write_to_pipe: data_used = 28
6904. [2010/02/14 20:52:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
6905. read_from_pipe: 7715 name: lsarpc len: 1024
6906. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
6907. read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
6908. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6909. 000000 smb_io_rpc_hdr hdr
6910. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6911. 0000 major : 05
6912. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6913. 0001 minor : 00
6914. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6915. 0002 pkt_type : 02
6916. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6917. 0003 flags : 03
6918. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6919. 0004 pack_type0: 10
6920. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6921. 0005 pack_type1: 00
6922. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6923. 0006 pack_type2: 00
6924. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6925. 0007 pack_type3: 00
6926. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6927. 0008 frag_len : 0030
6928. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6929. 000a auth_len : 0000
6930. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6931. 000c call_id : 00000004
6932. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
6933. 000010 smb_io_rpc_hdr_resp resp
6934. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
6935. 0010 alloc_hint: 00000018
6936. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
6937. 0014 context_id: 0000
6938. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6939. 0016 cancel_ct : 00
6940. [2010/02/14 20:52:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
6941. 0017 reserved : 00
6942. [2010/02/14 20:52:57, 5] smbd/ipc.c:copy_trans_params_and_data(60)
6943. copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
6944. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6945. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6946. size=104
6947. smb_com=0x25
6948. smb_rcls=0
6949. smb_reh=0
6950. smb_err=0
6951. smb_flg=136
6952. smb_flg2=51201
6953. smb_tid=1
6954. smb_pid=1332
6955. smb_uid=100
6956. smb_mid=1856
6957. smt_wct=10
6958. smb_vwv[ 0]= 0 (0x0)
6959. smb_vwv[ 1]= 48 (0x30)
6960. smb_vwv[ 2]= 0 (0x0)
6961. smb_vwv[ 3]= 0 (0x0)
6962. smb_vwv[ 4]= 56 (0x38)
6963. smb_vwv[ 5]= 0 (0x0)
6964. smb_vwv[ 6]= 48 (0x30)
6965. smb_vwv[ 7]= 56 (0x38)
6966. smb_vwv[ 8]= 0 (0x0)
6967. smb_vwv[ 9]= 0 (0x0)
6968. smb_bcc=49
6969. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
6970. [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
6971. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
6972. [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
6973. [030] 00 .
6974. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6975. run_events: Nothing to do
6976. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
6977. run_events: Nothing to do
6978. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
6979. got smb length of 41
6980. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
6981. got message type 0x0 of len 0x29
6982. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
6983. Transaction 30 of length 45 (0 toread)
6984. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
6985. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
6986. size=41
6987. smb_com=0x4
6988. smb_rcls=0
6989. smb_reh=0
6990. smb_err=0
6991. smb_flg=24
6992. smb_flg2=51207
6993. smb_tid=1
6994. smb_pid=65279
6995. smb_uid=100
6996. smb_mid=1920
6997. smt_wct=3
6998. smb_vwv[ 0]=30485 (0x7715)
6999. smb_vwv[ 1]=65535 (0xFFFF)
7000. smb_vwv[ 2]=65535 (0xFFFF)
7001. smb_bcc=0
7002. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
7003. switch message SMBclose (pid 21948) conn 0x10fd8d0
7004. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
7005. created /tmp/SMBclose.71.req len 45
7006. [2010/02/14 20:52:57, 4] smbd/uid.c:change_to_user(182)
7007. change_to_user: Skipping user change - already user
7008. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
7009. search for pipe pnum=7715
7010. [2010/02/14 20:52:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
7011. pipe name lsarpc pnum=7715 (pipes_open=1)
7012. [2010/02/14 20:52:57, 5] smbd/pipes.c:reply_pipe_close(319)
7013. reply_pipe_close: pnum:7715
7014. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
7015. close_policy_by_pipe: deleted handle list for pipe lsarpc
7016. [2010/02/14 20:52:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
7017. closed pipe name lsarpc pnum=7715 (pipes_open=0)
7018. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
7019. Locking key 6C73617270632F32313934382F333034383500
7020. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
7021. Allocated locked data 0x0x11196f0
7022. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
7023. Unlocking key 6C73617270632F32313934382F333034383500
7024. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
7025. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
7026. size=35
7027. smb_com=0x4
7028. smb_rcls=0
7029. smb_reh=0
7030. smb_err=0
7031. smb_flg=136
7032. smb_flg2=51201
7033. smb_tid=1
7034. smb_pid=65279
7035. smb_uid=100
7036. smb_mid=1920
7037. smt_wct=0
7038. smb_bcc=0
7039. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7040. run_events: Nothing to do
7041. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7042. run_events: Nothing to do
7043. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
7044. got smb length of 39
7045. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
7046. got message type 0x0 of len 0x27
7047. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
7048. Transaction 31 of length 43 (0 toread)
7049. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
7050. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
7051. size=39
7052. smb_com=0x74
7053. smb_rcls=0
7054. smb_reh=0
7055. smb_err=0
7056. smb_flg=24
7057. smb_flg2=51207
7058. smb_tid=0
7059. smb_pid=65279
7060. smb_uid=100
7061. smb_mid=1984
7062. smt_wct=2
7063. smb_vwv[ 0]= 255 (0xFF)
7064. smb_vwv[ 1]= 0 (0x0)
7065. smb_bcc=0
7066. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
7067. switch message SMBulogoffX (pid 21948) conn 0x0
7068. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
7069. created /tmp/SMBulogoffX.30.req len 43
7070. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7071. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
7072. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7073. NT user token: (NULL)
7074. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7075. UNIX token of user 0
7076. Primary group is 0 and contains 0 supplementary groups
7077. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
7078. change_to_root_user: now uid=(0,0) gid=(0,0)
7079. [2010/02/14 20:52:57, 3] smbd/reply.c:reply_ulogoffX(1910)
7080. ulogoffX vuid=100
7081. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
7082. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
7083. size=39
7084. smb_com=0x74
7085. smb_rcls=0
7086. smb_reh=0
7087. smb_err=0
7088. smb_flg=136
7089. smb_flg2=51201
7090. smb_tid=0
7091. smb_pid=65279
7092. smb_uid=100
7093. smb_mid=1984
7094. smt_wct=2
7095. smb_vwv[ 0]= 255 (0xFF)
7096. smb_vwv[ 1]= 0 (0x0)
7097. smb_bcc=0
7098. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7099. run_events: Nothing to do
7100. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7101. run_events: Nothing to do
7102. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
7103. got smb length of 35
7104. [2010/02/14 20:52:57, 6] smbd/process.c:process_smb(1567)
7105. got message type 0x0 of len 0x23
7106. [2010/02/14 20:52:57, 3] smbd/process.c:process_smb(1570)
7107. Transaction 32 of length 39 (0 toread)
7108. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
7109. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
7110. size=35
7111. smb_com=0x71
7112. smb_rcls=0
7113. smb_reh=0
7114. smb_err=0
7115. smb_flg=24
7116. smb_flg2=51207
7117. smb_tid=1
7118. smb_pid=65279
7119. smb_uid=100
7120. smb_mid=2048
7121. smt_wct=0
7122. smb_bcc=0
7123. [2010/02/14 20:52:57, 3] smbd/process.c:switch_message(1374)
7124. switch message SMBtdis (pid 21948) conn 0x10fd8d0
7125. [2010/02/14 20:52:57, 0] smbd/process.c:smb_dump(1322)
7126. created /tmp/SMBtdis.31.req len 39
7127. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7128. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
7129. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7130. NT user token: (NULL)
7131. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7132. UNIX token of user 0
7133. Primary group is 0 and contains 0 supplementary groups
7134. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
7135. change_to_root_user: now uid=(0,0) gid=(0,0)
7136. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7137. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
7138. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7139. NT user token: (NULL)
7140. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7141. UNIX token of user 0
7142. Primary group is 0 and contains 0 supplementary groups
7143. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
7144. change_to_root_user: now uid=(0,0) gid=(0,0)
7145. [2010/02/14 20:52:57, 3] smbd/service.c:close_cnum(1409)
7146. hds-virtbox1 (::ffff:192.168.1.183) closed connection to service IPC$
7147. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
7148. Yielding connection to IPC$
7149. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
7150. Locking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7151. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
7152. Allocated locked data 0x0x111a940
7153. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
7154. Unlocking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7155. [2010/02/14 20:52:57, 4] smbd/vfs.c:vfs_ChDir(733)
7156. vfs_ChDir to /
7157. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7158. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
7159. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7160. NT user token: (NULL)
7161. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7162. UNIX token of user 0
7163. Primary group is 0 and contains 0 supplementary groups
7164. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
7165. change_to_root_user: now uid=(0,0) gid=(0,0)
7166. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
7167. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
7168. size=35
7169. smb_com=0x71
7170. smb_rcls=0
7171. smb_reh=0
7172. smb_err=0
7173. smb_flg=136
7174. smb_flg2=51201
7175. smb_tid=1
7176. smb_pid=65279
7177. smb_uid=100
7178. smb_mid=2048
7179. smt_wct=0
7180. smb_bcc=0
7181. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7182. run_events: Nothing to do
7183. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7184. run_events: Nothing to do
7185. [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
7186. read_socket_with_timeout: blocking read. EOF from client.
7187. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
7188. receive_smb_raw: NT_STATUS_END_OF_FILE
7189. [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
7190. receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
7191. [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
7192. Closing cache file
7193. [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
7194. namecache_shutdown: netbios namecache closed successfully.
7195. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7196. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
7197. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7198. NT user token: (NULL)
7199. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7200. UNIX token of user 0
7201. Primary group is 0 and contains 0 supplementary groups
7202. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
7203. change_to_root_user: now uid=(0,0) gid=(0,0)
7204. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
7205. Yielding connection to
7206. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
7207. Locking key BC550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7208. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
7209. Allocated locked data 0x0x1108860
7210. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
7211. Unlocking key BC550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7212. [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
7213. Server exit (normal exit)
7214. [2010/02/14 20:52:57, 6] param/loadparm.c:lp_file_list_changed(6729)
7215. lp_file_list_changed()
7216. file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Feb 11 11:51:52 2010
7217.  
7218. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 11 16:28:47 2010
7219.  
7220. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info_map(206)
7221. make_user_info_map: Mapping user [SEMARKIT]\[Admin] from workstation [HDS-VIRTBOX1]
7222. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7223. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
7224. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7225. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
7226. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7227. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
7228. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7229. NT user token: (NULL)
7230. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7231. UNIX token of user 0
7232. Primary group is 0 and contains 0 supplementary groups
7233. [2010/02/14 20:52:57, 5] auth/auth_util.c:is_trusted_domain(2055)
7234. is_trusted_domain: Checking for domain trust with [SEMARKIT]
7235. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
7236. ldapsam_get_trusteddom_pw called for domain SEMARKIT
7237. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
7238. smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
7239. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_close(1110)
7240. The connection to the LDAP server was closed
7241. [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
7242. smb_ldap_setup_connection: ldap://127.0.0.1:389
7243. [2010/02/14 20:52:57, 2] lib/smbldap.c:smbldap_open_connection(796)
7244. smbldap_open_connection: connection opened
7245. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
7246. ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
7247. [2010/02/14 20:52:57, 3] lib/smbldap.c:smbldap_connect_system(1007)
7248. ldap_connect_system: successful connection to the LDAP server
7249. ldap_connect_system: LDAP server does support paged results
7250. [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
7251. Added timed event "smbldap_idle_fn": 1032a60
7252. [2010/02/14 20:52:57, 4] lib/smbldap.c:smbldap_open(1090)
7253. The LDAP server is successfully connected
7254. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
7255. Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
7256. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7257. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
7258. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
7259. Cache entry with key = TDOM/SEMARKIT couldn't be found
7260. [2010/02/14 20:52:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
7261. no entry for trusted domain SEMARKIT found.
7262. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(120)
7263. attempting to make a user_info for Admin (Admin)
7264. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(130)
7265. making strings for Admin's user_info struct
7266. [2010/02/14 20:52:57, 5] auth/auth_util.c:make_user_info(162)
7267. making blobs for Admin's user_info struct
7268. [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
7269. made an encrypted user_info for Admin (Admin)
7270. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(220)
7271. check_ntlm_password: Checking password for unmapped user [SEMARKIT]\[Admin]@[HDS-VIRTBOX1] with the new password interface
7272. [2010/02/14 20:52:57, 3] auth/auth.c:check_ntlm_password(223)
7273. check_ntlm_password: mapped user is: [SEMARKIT]\[Admin]@[HDS-VIRTBOX1]
7274. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
7275. check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
7276. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
7277. challenge is:
7278. [2010/02/14 20:52:57, 5] lib/util.c:dump_data(2223)
7279. [000] AC 05 48 7F D1 94 0E FD ..H.....
7280. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
7281. check_ntlm_password: guest had nothing to say
7282. [2010/02/14 20:52:57, 8] lib/util.c:is_myname(2098)
7283. is_myname("SEMARKIT") returns 0
7284. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7285. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
7286. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7287. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
7288. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7289. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
7290. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7291. NT user token: (NULL)
7292. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7293. UNIX token of user 0
7294. Primary group is 0 and contains 0 supplementary groups
7295. [2010/02/14 20:52:57, 5] lib/smbldap.c:smbldap_search_ext(1207)
7296. smbldap_search_ext: base => [dc=semarkit,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
7297. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
7298. smbldap_open: already connected to the LDAP server
7299. [2010/02/14 20:52:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
7300. init_sam_from_ldap: Entry found for user: Admin
7301. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
7302. pdb_set_username: setting username Admin, was
7303. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7304. element 12 -> now SET
7305. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
7306. pdb_set_domain: setting domain SEMARKIT, was
7307. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7308. element 14 -> now DEFAULT
7309. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
7310. pdb_set_nt_username: setting nt username Admin, was
7311. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7312. element 15 -> now SET
7313. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522)
7314. pdb_set_user_sid_from_string: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
7315. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
7316. pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
7317. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7318. element 18 -> now SET
7319. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263)
7320. element 18: SET
7321. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7322. element 21 -> now SET
7323. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7324. element 5 -> now SET
7325. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7326. element 6 -> now SET
7327. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7328. element 7 -> now SET
7329. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7330. element 9 -> now SET
7331. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7332. element 10 -> now SET
7333. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7334. attribute displayName does not exist
7335. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
7336. pdb_set_full_name: setting full name Admin, was
7337. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7338. element 13 -> now SET
7339. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7340. attribute sambaHomeDrive does not exist
7341. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
7342. pdb_set_dir_drive: setting dir drive H:, was NULL
7343. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7344. element 3 -> now DEFAULT
7345. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7346. attribute sambaHomePath does not exist
7347. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
7348. pdb_set_homedir: setting home dir \\hds-linux\admin, was
7349. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7350. element 1 -> now DEFAULT
7351. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7352. attribute sambaLogonScript does not exist
7353. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
7354. pdb_set_logon_script: setting logon script scripts/logon.bat, was
7355. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7356. element 4 -> now DEFAULT
7357. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7358. attribute sambaProfilePath does not exist
7359. [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
7360. Home server: hds-linux
7361. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
7362. pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
7363. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7364. element 2 -> now DEFAULT
7365. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7366. attribute description does not exist
7367. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7368. attribute sambaUserWorkstations does not exist
7369. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7370. attribute sambaMungedDial does not exist
7371. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7372. element 32 -> now SET
7373. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7374. element 33 -> now SET
7375. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7376. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
7377. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7378. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
7379. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7380. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
7381. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7382. NT user token: (NULL)
7383. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7384. UNIX token of user 0
7385. Primary group is 0 and contains 0 supplementary groups
7386. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
7387. Returning valid cache entry: key = ACCT_POL/password history, value = 0
7388. , timeout = Sun Feb 14 20:53:57 2010
7389. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
7390. ldapsam_get_account_policy: got valid value from cache
7391. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7392. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
7393. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7394. element 20 -> now SET
7395. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7396. element 16 -> now SET
7397. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7398. element 17 -> now SET
7399. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7400. attribute sambaBadPasswordCount does not exist
7401. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7402. attribute sambaBadPasswordTime does not exist
7403. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
7404. attribute sambaLogonHours does not exist
7405. [2010/02/14 20:52:57, 5] passdb/login_cache.c:login_cache_init(40)
7406. Opening cache file at /var/cache/samba/login_cache.tdb
7407. [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(86)
7408. Looking up login cache for user Admin
7409. [2010/02/14 20:52:57, 7] passdb/login_cache.c:login_cache_read(100)
7410. No cache entry found
7411. [2010/02/14 20:52:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054)
7412. No cache entry, bad count = 0, bad time = 0
7413. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471)
7414. element 35 -> now CHANGED
7415. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7416. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
7417. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7418. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
7419. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7420. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
7421. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7422. NT user token: (NULL)
7423. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7424. UNIX token of user 0
7425. Primary group is 0 and contains 0 supplementary groups
7426. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
7427. Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
7428. , timeout = Sun Feb 14 20:53:57 2010
7429. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
7430. ldapsam_get_account_policy: got valid value from cache
7431. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7432. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
7433. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_alloc(133)
7434. Finding user Admin
7435. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(77)
7436. Trying _Get_Pwnam(), username as lowercase is admin
7437. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(85)
7438. Trying _Get_Pwnam(), username as given is Admin
7439. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(95)
7440. Trying _Get_Pwnam(), username as uppercase is ADMIN
7441. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(104)
7442. Checking combinations of 0 uppercase letters in admin
7443. [2010/02/14 20:52:57, 5] lib/username.c:Get_Pwnam_internals(110)
7444. Get_Pwnam_internals didn't find user [Admin]!
7445. [2010/02/14 20:52:57, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
7446. pdb_get_group_sid: Failed to find Unix account for Admin
7447. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
7448. element 3: DEFAULT
7449. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
7450. element 1: DEFAULT
7451. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
7452. element 4: DEFAULT
7453. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
7454. element 2: DEFAULT
7455. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7456. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
7457. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7458. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
7459. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7460. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
7461. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7462. NT user token: (NULL)
7463. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7464. UNIX token of user 0
7465. Primary group is 0 and contains 0 supplementary groups
7466. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
7467. Returning valid cache entry: key = ACCT_POL/password history, value = 0
7468. , timeout = Sun Feb 14 20:53:57 2010
7469. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
7470. ldapsam_get_account_policy: got valid value from cache
7471. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7472. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
7473. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
7474. tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 196
7475. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
7476. tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
7477. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
7478. tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
7479. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7480. element 5 -> now SET
7481. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7482. element 6 -> now SET
7483. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7484. element 7 -> now SET
7485. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7486. element 8 -> now SET
7487. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7488. element 9 -> now SET
7489. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7490. element 10 -> now SET
7491. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7492. element 21 -> now SET
7493. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
7494. pdb_set_username: setting username Admin, was
7495. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7496. element 12 -> now SET
7497. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
7498. pdb_set_domain: setting domain SEMARKIT, was
7499. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7500. element 14 -> now SET
7501. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
7502. pdb_set_nt_username: setting nt username Admin, was
7503. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7504. element 15 -> now SET
7505. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
7506. pdb_set_full_name: setting full name Admin, was
7507. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7508. element 13 -> now SET
7509. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
7510. pdb_set_homedir: setting home dir \\hds-linux\admin, was
7511. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7512. element 1 -> now DEFAULT
7513. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
7514. pdb_set_dir_drive: setting dir drive H:, was NULL
7515. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7516. element 3 -> now DEFAULT
7517. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
7518. pdb_set_logon_script: setting logon script scripts/logon.bat, was
7519. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7520. element 4 -> now DEFAULT
7521. [2010/02/14 20:52:57, 4] lib/substitute.c:automount_server(500)
7522. Home server: hds-linux
7523. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
7524. pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
7525. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
7526. element 2 -> now DEFAULT
7527. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7528. element 23 -> now SET
7529. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
7530. pdb_set_workstations: setting workstations , was
7531. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7532. element 24 -> now SET
7533. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7534. element 26 -> now SET
7535. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7536. element 33 -> now SET
7537. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7538. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
7539. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7540. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
7541. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7542. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
7543. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7544. NT user token: (NULL)
7545. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7546. UNIX token of user 0
7547. Primary group is 0 and contains 0 supplementary groups
7548. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
7549. Returning valid cache entry: key = ACCT_POL/password history, value = 0
7550. , timeout = Sun Feb 14 20:53:57 2010
7551. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
7552. ldapsam_get_account_policy: got valid value from cache
7553. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7554. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
7555. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7556. element 34 -> now SET
7557. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
7558. pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
7559. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7560. element 18 -> now SET
7561. [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
7562. pdb_set_user_sid_from_rid:
7563. setting user sid S-1-5-21-2934603361-1946261283-2740193522-500 from rid 500
7564. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7565. element 16 -> now SET
7566. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7567. element 29 -> now SET
7568. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7569. element 30 -> now SET
7570. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7571. element 31 -> now SET
7572. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7573. element 20 -> now SET
7574. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7575. element 17 -> now SET
7576. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
7577. element 27 -> now SET
7578. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7579. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
7580. [2010/02/14 20:52:57, 9] passdb/passdb.c:pdb_update_autolock_flag(1417)
7581. pdb_update_autolock_flag: Account Admin not autolocked, no check needed
7582. [2010/02/14 20:52:57, 4] libsmb/ntlm_check.c:ntlm_password_check(328)
7583. ntlm_password_check: Checking NT MD4 password
7584. [2010/02/14 20:52:57, 4] auth/auth_sam.c:sam_account_ok(137)
7585. sam_account_ok: Checking SMB password for user Admin
7586. [2010/02/14 20:52:57, 5] auth/auth_sam.c:logon_hours_ok(119)
7587. logon_hours_ok: user Admin allowed to logon at this time (Sun Feb 14 20:52:57 2010
7588. )
7589. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7590. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
7591. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7592. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
7593. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7594. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
7595. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7596. NT user token: (NULL)
7597. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7598. UNIX token of user 0
7599. Primary group is 0 and contains 0 supplementary groups
7600. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
7601. Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
7602. , timeout = Sun Feb 14 20:53:57 2010
7603. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
7604. ldapsam_get_account_policy: got valid value from cache
7605. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7606. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
7607. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:push_sec_ctx(224)
7608. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
7609. [2010/02/14 20:52:57, 3] smbd/uid.c:push_conn_ctx(357)
7610. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
7611. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7612. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
7613. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7614. NT user token: (NULL)
7615. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7616. UNIX token of user 0
7617. Primary group is 0 and contains 0 supplementary groups
7618. [2010/02/14 20:52:57, 1] auth/auth_util.c:make_server_info_sam(562)
7619. User Admin in passdb, but getpwnam() fails!
7620. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
7621. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
7622. [2010/02/14 20:52:57, 0] auth/auth_sam.c:check_sam_security(355)
7623. check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
7624. [2010/02/14 20:52:57, 5] auth/auth.c:check_ntlm_password(272)
7625. check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
7626. [2010/02/14 20:52:57, 3] auth/auth_winbind.c:check_winbind_security(54)
7627. check_winbind_security: Not using winbind, requested domain [SEMARKIT] was for this SAM.
7628. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
7629. check_ntlm_password: winbind had nothing to say
7630. [2010/02/14 20:52:57, 2] auth/auth.c:check_ntlm_password(318)
7631. check_ntlm_password: Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
7632. [2010/02/14 20:52:57, 5] auth/auth_util.c:free_user_info(1985)
7633. attempting to free (and zero) a user_info structure
7634. [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
7635. structure was created for Admin
7636. [2010/02/14 20:52:57, 3] smbd/error.c:error_packet_set(61)
7637. error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
7638. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(642)
7639. [2010/02/14 20:52:57, 5] lib/util.c:show_msg(652)
7640. size=35
7641. smb_com=0x73
7642. smb_rcls=109
7643. smb_reh=0
7644. smb_err=49152
7645. smb_flg=136
7646. smb_flg2=51201
7647. smb_tid=0
7648. smb_pid=65279
7649. smb_uid=100
7650. smb_mid=128
7651. smt_wct=0
7652. smb_bcc=0
7653. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7654. run_events: Nothing to do
7655. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
7656. run_events: Nothing to do
7657. [2010/02/14 20:52:57, 5] lib/util_sock.c:read_socket_with_timeout(928)
7658. read_socket_with_timeout: blocking read. EOF from client.
7659. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
7660. receive_smb_raw: NT_STATUS_END_OF_FILE
7661. [2010/02/14 20:52:57, 3] smbd/process.c:smbd_process(2056)
7662. receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
7663. [2010/02/14 20:52:57, 5] lib/gencache.c:gencache_shutdown(93)
7664. Closing cache file
7665. [2010/02/14 20:52:57, 5] libsmb/namecache.c:namecache_shutdown(81)
7666. namecache_shutdown: netbios namecache closed successfully.
7667. [2010/02/14 20:52:57, 3] smbd/sec_ctx.c:set_sec_ctx(324)
7668. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
7669. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_nt_user_token(464)
7670. NT user token: (NULL)
7671. [2010/02/14 20:52:57, 5] auth/token_util.c:debug_unix_user_token(490)
7672. UNIX token of user 0
7673. Primary group is 0 and contains 0 supplementary groups
7674. [2010/02/14 20:52:57, 5] smbd/uid.c:change_to_root_user(287)
7675. change_to_root_user: now uid=(0,0) gid=(0,0)
7676. [2010/02/14 20:52:57, 3] smbd/connection.c:yield_connection(31)
7677. Yielding connection to
7678. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
7679. Locking key BE550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7680. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
7681. Allocated locked data 0x0x1108350
7682. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
7683. Unlocking key BE550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7684. [2010/02/14 20:52:57, 3] smbd/server.c:exit_server_common(949)
7685. Server exit (normal exit)
7686.