Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [2012/09/23 22:42:32.902828, 3] param/loadparm.c:9572(lp_load_ex)
- lp_load_ex: refreshing parameters
- [2012/09/23 22:42:32.902907, 3] param/loadparm.c:5192(init_globals)
- Initialising global parameters
- [2012/09/23 22:42:32.902964, 2] param/loadparm.c:4985(max_open_files)
- rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
- [2012/09/23 22:42:32.903047, 3] ../lib/util/params.c:550(pm_process)
- params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
- [2012/09/23 22:42:32.903101, 3] param/loadparm.c:8310(do_section)
- Processing section "[global]"
- doing parameter workgroup = rlz
- doing parameter server string = m3-laptop
- doing parameter security = user
- doing parameter load printers = no
- doing parameter debug level = 10
- [2012/09/23 22:42:32.903268, 5] ../lib/util/debug.c:330(debug_dump_status)
- INFO: Current debug levels:
- all: 10
- tdb: 10
- printdrivers: 10
- lanman: 10
- smb: 10
- rpc_parse: 10
- rpc_srv: 10
- rpc_cli: 10
- passdb: 10
- sam: 10
- auth: 10
- winbind: 10
- vfs: 10
- idmap: 10
- quota: 10
- acls: 10
- locking: 10
- msdfs: 10
- dmapi: 10
- registry: 10
- doing parameter log file = /var/log/samba/%m.log
- doing parameter max log size = 5000
- doing parameter dns proxy = no
- doing parameter printing = bsd
- doing parameter printcap name = /dev/null
- doing parameter disable spoolss = yes
- doing parameter unix extensions = no
- doing parameter follow symlinks = yes
- doing parameter wide links = yes
- [2012/09/23 22:42:32.903944, 2] param/loadparm.c:8327(do_section)
- Processing section "[writable]"
- [2012/09/23 22:42:32.904050, 8] param/loadparm.c:6480(add_a_service)
- add_a_service: Creating snum = 0 for writable
- [2012/09/23 22:42:32.904104, 10] param/loadparm.c:6518(hash_a_service)
- hash_a_service: creating servicehash
- [2012/09/23 22:42:32.904153, 10] param/loadparm.c:6527(hash_a_service)
- hash_a_service: hashing index 0 for service name writable
- doing parameter comment = test
- doing parameter writable = yes
- doing parameter valid users = shareuser
- doing parameter path = /home/shareuser/writable
- [2012/09/23 22:42:32.904322, 4] param/loadparm.c:9608(lp_load_ex)
- pm_process() returned Yes
- [2012/09/23 22:42:32.904384, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find homes
- [2012/09/23 22:42:32.904467, 8] param/loadparm.c:6480(add_a_service)
- add_a_service: Creating snum = 1 for IPC$
- [2012/09/23 22:42:32.904519, 10] param/loadparm.c:6527(hash_a_service)
- hash_a_service: hashing index 1 for service name IPC$
- [2012/09/23 22:42:32.904576, 3] param/loadparm.c:6630(lp_add_ipc)
- adding IPC service
- [2012/09/23 22:42:32.904626, 10] param/loadparm_server_role.c:101(set_server_role)
- set_server_role: role = ROLE_STANDALONE
- [2012/09/23 22:42:32.904681, 5] ../lib/util/charset/codepoints.c:235(map_locale)
- Substituting charset 'UTF-8' for LOCALE
- [2012/09/23 22:42:32.904747, 6] param/loadparm.c:7490(lp_file_list_changed)
- lp_file_list_changed()
- file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sun Sep 23 22:40:11 2012
- [2012/09/23 22:42:32.909123, 2] lib/interface.c:341(add_interface)
- added interface wlan0 ip=fe80::219:7eff:fe52:16d3%wlan0 bcast=fe80::ffff:ffff:ffff:ffff%wlan0 netmask=ffff:ffff:ffff:ffff::
- [2012/09/23 22:42:32.909269, 2] lib/interface.c:341(add_interface)
- added interface wlan0 ip=192.168.178.104 bcast=192.168.178.255 netmask=255.255.255.0
- [2012/09/23 22:42:32.909347, 3] smbd/server.c:1088(main)
- loaded services
- [2012/09/23 22:42:32.909404, 5] lib/util.c:242(init_names)
- Netbios name list:-
- my_netbios_names[0]="M3-LAPTOP"
- [2012/09/23 22:42:32.909524, 0] smbd/server.c:1109(main)
- standard input is not a socket, assuming -D option
- [2012/09/23 22:42:32.909638, 3] smbd/server.c:1120(main)
- Becoming a daemon.
- [2012/09/23 22:42:32.909749, 8] ../lib/util/util.c:263(fcntl_lock)
- fcntl_lock 10 6 0 1 1
- [2012/09/23 22:42:32.909834, 8] ../lib/util/util.c:298(fcntl_lock)
- fcntl_lock: Lock call successful
- [2012/09/23 22:42:32.910996, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend ldapsam
- [2012/09/23 22:42:32.911074, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'ldapsam'
- [2012/09/23 22:42:32.911126, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend ldapsam_compat
- [2012/09/23 22:42:32.911179, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'ldapsam_compat'
- [2012/09/23 22:42:32.911231, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend NDS_ldapsam
- [2012/09/23 22:42:32.911281, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'NDS_ldapsam'
- [2012/09/23 22:42:32.911331, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend NDS_ldapsam_compat
- [2012/09/23 22:42:32.911380, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'NDS_ldapsam_compat'
- [2012/09/23 22:42:32.911432, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend IPA_ldapsam
- [2012/09/23 22:42:32.911483, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'IPA_ldapsam'
- [2012/09/23 22:42:32.911535, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend smbpasswd
- [2012/09/23 22:42:32.911585, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'smbpasswd'
- [2012/09/23 22:42:32.911636, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend tdbsam
- [2012/09/23 22:42:32.911686, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'tdbsam'
- [2012/09/23 22:42:32.911735, 5] passdb/pdb_interface.c:71(smb_register_passdb)
- Attempting to register passdb backend wbc_sam
- [2012/09/23 22:42:32.911787, 5] passdb/pdb_interface.c:84(smb_register_passdb)
- Successfully added passdb backend 'wbc_sam'
- [2012/09/23 22:42:32.911837, 5] passdb/pdb_interface.c:141(make_pdb_method_name)
- Attempting to find a passdb backend to match tdbsam (tdbsam)
- [2012/09/23 22:42:32.911887, 5] passdb/pdb_interface.c:162(make_pdb_method_name)
- Found pdb backend tdbsam
- [2012/09/23 22:42:32.911944, 5] passdb/pdb_interface.c:173(make_pdb_method_name)
- pdb backend tdbsam has a valid init
- [2012/09/23 22:42:32.913095, 10] registry/reg_backend_db.c:526(regdb_init)
- regdb_init: registry db openend. refcount reset (1)
- [2012/09/23 22:42:32.913167, 10] registry/reg_cachehook.c:70(reghook_cache_init)
- reghook_cache_init: new tree with default ops 0x7f0ef0501340 for key []
- [2012/09/23 22:42:32.913424, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
- [2012/09/23 22:42:32.913508, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Samba Printer Port] len[2]
- [2012/09/23 22:42:32.913564, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
- [2012/09/23 22:42:32.913636, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70]
- [2012/09/23 22:42:32.913691, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:32.913761, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DisplayName] len[20]
- [2012/09/23 22:42:32.913815, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[ErrorControl] len[4]
- [2012/09/23 22:42:32.913871, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:32.913940, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DisplayName] len[20]
- [2012/09/23 22:42:32.914045, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[ErrorControl] len[4]
- [2012/09/23 22:42:32.914107, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef05014a0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers]
- [2012/09/23 22:42:32.914159, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.914215, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree
- [2012/09/23 22:42:32.914267, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.914319, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
- [2012/09/23 22:42:32.914371, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.914424, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree
- [2012/09/23 22:42:32.914476, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.914528, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
- [2012/09/23 22:42:32.914579, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.914630, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree
- [2012/09/23 22:42:32.914682, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.914734, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501500 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
- [2012/09/23 22:42:32.914785, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.914837, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree
- [2012/09/23 22:42:32.914889, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.914940, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf]
- [2012/09/23 22:42:32.914990, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.915042, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree
- [2012/09/23 22:42:32.915092, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.915144, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501560 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
- [2012/09/23 22:42:32.915194, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.915246, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree
- [2012/09/23 22:42:32.915297, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.915350, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef05015c0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions]
- [2012/09/23 22:42:32.915400, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.915452, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree
- [2012/09/23 22:42:32.915503, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.915555, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501620 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
- [2012/09/23 22:42:32.915614, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.915666, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree
- [2012/09/23 22:42:32.915717, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.915768, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501680 for key [\HKPT]
- [2012/09/23 22:42:32.915817, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.915868, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKPT] to tree
- [2012/09/23 22:42:32.915917, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.915969, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef05016e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
- [2012/09/23 22:42:32.916019, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.916069, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree
- [2012/09/23 22:42:32.916119, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.916171, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501740 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
- [2012/09/23 22:42:32.916222, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:32.916273, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree
- [2012/09/23 22:42:32.916324, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:32.916373, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (1->0)
- [2012/09/23 22:42:32.916772, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user M3-LAPTOP\root
- [2012/09/23 22:42:32.916828, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is m3-laptop\root
- [2012/09/23 22:42:32.916919, 5] lib/username.c:124(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as given is M3-LAPTOP\root
- [2012/09/23 22:42:32.916998, 5] lib/username.c:134(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as uppercase is M3-LAPTOP\ROOT
- [2012/09/23 22:42:32.917075, 5] lib/username.c:143(Get_Pwnam_internals)
- Checking combinations of 0 uppercase letters in m3-laptop\root
- [2012/09/23 22:42:32.917127, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals didn't find user [M3-LAPTOP\root]!
- [2012/09/23 22:42:32.917178, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user root
- [2012/09/23 22:42:32.917228, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is root
- [2012/09/23 22:42:32.917320, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [root]!
- [2012/09/23 22:42:32.917400, 10] passdb/lookup_sid.c:76(lookup_name)
- lookup_name: M3-LAPTOP\root => domain=[M3-LAPTOP], name=[root]
- [2012/09/23 22:42:32.917455, 10] passdb/lookup_sid.c:77(lookup_name)
- lookup_name: flags = 0x073
- [2012/09/23 22:42:32.917513, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.917565, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.917618, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.917668, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.917719, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.917852, 4] passdb/pdb_tdb.c:523(tdbsam_open)
- tdbsam_open: successfully opened /etc/samba/private/passdb.tdb
- [2012/09/23 22:42:32.917921, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam)
- pdb_getsampwnam (TDB): error fetching database.
- Key: USER_root
- [2012/09/23 22:42:32.917995, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.918051, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.918101, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.918151, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.918202, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.918251, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.918388, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.918446, 10] passdb/lookup_sid.c:76(lookup_name)
- lookup_name: Unix User\root => domain=[Unix User], name=[root]
- [2012/09/23 22:42:32.918496, 10] passdb/lookup_sid.c:77(lookup_name)
- lookup_name: flags = 0x073
- [2012/09/23 22:42:32.918588, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user root
- [2012/09/23 22:42:32.918640, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is root
- [2012/09/23 22:42:32.918692, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [root]!
- [2012/09/23 22:42:32.918750, 10] passdb/lookup_sid.c:1544(sid_to_uid)
- sid S-1-22-1-0 -> uid 0
- [2012/09/23 22:42:32.918854, 10] lib/system_smbd.c:175(sys_getgrouplist)
- sys_getgrouplist: user [root]
- [2012/09/23 22:42:32.919023, 5] lib/gencache.c:68(gencache_init)
- Opening cache file at /var/cache/samba/gencache.tdb
- [2012/09/23 22:42:32.919130, 5] lib/gencache.c:111(gencache_init)
- Opening cache file at /var/cache/samba/gencache_notrans.tdb
- [2012/09/23 22:42:32.919283, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 0
- [2012/09/23 22:42:32.919339, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.919390, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.919440, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.919490, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.919539, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.919630, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.919683, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 0 -> sid S-1-22-2-0
- [2012/09/23 22:42:32.919759, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 1
- [2012/09/23 22:42:32.919810, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.919861, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.919911, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.919961, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.920009, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.920095, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.920147, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 1 -> sid S-1-22-2-1
- [2012/09/23 22:42:32.920219, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 2
- [2012/09/23 22:42:32.920279, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.920331, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.920380, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.920430, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.920479, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.920564, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.920615, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 2 -> sid S-1-22-2-2
- [2012/09/23 22:42:32.920722, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 3
- [2012/09/23 22:42:32.920774, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.920825, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.920875, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.920925, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.920974, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.921059, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.921111, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 3 -> sid S-1-22-2-3
- [2012/09/23 22:42:32.921182, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 4
- [2012/09/23 22:42:32.921233, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.921284, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.921334, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.921384, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.921433, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.921520, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.921572, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 4 -> sid S-1-22-2-4
- [2012/09/23 22:42:32.921645, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 6
- [2012/09/23 22:42:32.921697, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.921748, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.921797, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.921847, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.921896, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.922031, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.922086, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 6 -> sid S-1-22-2-6
- [2012/09/23 22:42:32.922160, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 10
- [2012/09/23 22:42:32.922213, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.922266, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.922316, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.922375, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.922425, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.922509, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.922561, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 10 -> sid S-1-22-2-10
- [2012/09/23 22:42:32.922634, 5] passdb/lookup_sid.c:1384(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 19
- [2012/09/23 22:42:32.922685, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.922736, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.922786, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.922836, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.922885, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.922970, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.923022, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
- LEGACY: gid 19 -> sid S-1-22-2-19
- [2012/09/23 22:42:32.923082, 10] auth/token_util.c:339(create_local_nt_token)
- Create local NT token for S-1-22-1-0
- [2012/09/23 22:42:32.923170, 10] passdb/lookup_sid.c:1628(sid_to_gid)
- winbind failed to find a gid for sid S-1-5-32-544
- [2012/09/23 22:42:32.923225, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.923277, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.923327, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.923377, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.923426, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.923514, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.923565, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-32-544
- [2012/09/23 22:42:32.923618, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.923669, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.923719, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.923770, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.923819, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.923902, 3] auth/token_util.c:438(finalize_local_nt_token)
- Failed to fetch domain sid for RLZ
- [2012/09/23 22:42:32.923957, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.924056, 10] passdb/lookup_sid.c:1628(sid_to_gid)
- winbind failed to find a gid for sid S-1-5-32-545
- [2012/09/23 22:42:32.924110, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.924161, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.924211, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.924261, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.924309, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.924406, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.924458, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-32-545
- [2012/09/23 22:42:32.924510, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.924561, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.924611, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.924661, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.924710, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.924791, 3] auth/token_util.c:469(finalize_local_nt_token)
- Failed to fetch domain sid for RLZ
- [2012/09/23 22:42:32.924845, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.924897, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.924948, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.924998, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.925048, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.925096, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.925275, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.925384, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-1-0]
- [2012/09/23 22:42:32.925450, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-0]
- [2012/09/23 22:42:32.925510, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-1]
- [2012/09/23 22:42:32.925569, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-2]
- [2012/09/23 22:42:32.925628, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-3]
- [2012/09/23 22:42:32.925687, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-4]
- [2012/09/23 22:42:32.925746, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-6]
- [2012/09/23 22:42:32.925805, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-10]
- [2012/09/23 22:42:32.925864, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-22-2-19]
- [2012/09/23 22:42:32.925924, 5] lib/privileges.c:175(get_privileges_for_sids)
- get_privileges_for_sids: sid = S-1-1-0
- Privilege set: 0x0
- [2012/09/23 22:42:32.926001, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-5-2]
- [2012/09/23 22:42:32.926059, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-5-11]
- [2012/09/23 22:42:32.926183, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids)
- wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE
- [2012/09/23 22:42:32.926239, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.926290, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.926341, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.926391, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.926440, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.926535, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.926587, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-1-0
- [2012/09/23 22:42:32.926639, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-1-0
- [2012/09/23 22:42:32.926692, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.926744, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.926793, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.926843, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.926892, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.926980, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.927031, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-2
- [2012/09/23 22:42:32.927083, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-5-2
- [2012/09/23 22:42:32.927136, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.927186, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.927237, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.927287, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.927357, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.927444, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.927495, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-11
- [2012/09/23 22:42:32.927548, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-5-11
- [2012/09/23 22:42:32.927602, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-1-0 to gid, ignoring it
- [2012/09/23 22:42:32.927654, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-5-2 to gid, ignoring it
- [2012/09/23 22:42:32.927706, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-5-11 to gid, ignoring it
- [2012/09/23 22:42:32.927760, 10] ../libcli/security/security_token.c:63(security_token_debug)
- Security token SIDs (12):
- SID[ 0]: S-1-22-1-0
- SID[ 1]: S-1-22-2-0
- SID[ 2]: S-1-22-2-1
- SID[ 3]: S-1-22-2-2
- SID[ 4]: S-1-22-2-3
- SID[ 5]: S-1-22-2-4
- SID[ 6]: S-1-22-2-6
- SID[ 7]: S-1-22-2-10
- SID[ 8]: S-1-22-2-19
- SID[ 9]: S-1-1-0
- SID[ 10]: S-1-5-2
- SID[ 11]: S-1-5-11
- Privileges (0x 0):
- Rights (0x 0):
- [2012/09/23 22:42:32.928105, 10] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 8 supplementary groups
- Group[ 0]: 0
- Group[ 1]: 1
- Group[ 2]: 2
- Group[ 3]: 3
- Group[ 4]: 4
- Group[ 5]: 6
- Group[ 6]: 10
- Group[ 7]: 19
- [2012/09/23 22:42:32.928336, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user nobody
- [2012/09/23 22:42:32.928387, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2012/09/23 22:42:32.928468, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2012/09/23 22:42:32.928528, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user M3-LAPTOP\nobody
- [2012/09/23 22:42:32.928578, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is m3-laptop\nobody
- [2012/09/23 22:42:32.928656, 5] lib/username.c:124(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as given is M3-LAPTOP\nobody
- [2012/09/23 22:42:32.928743, 5] lib/username.c:134(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as uppercase is M3-LAPTOP\NOBODY
- [2012/09/23 22:42:32.928820, 5] lib/username.c:143(Get_Pwnam_internals)
- Checking combinations of 0 uppercase letters in m3-laptop\nobody
- [2012/09/23 22:42:32.928871, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals didn't find user [M3-LAPTOP\nobody]!
- [2012/09/23 22:42:32.928922, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user nobody
- [2012/09/23 22:42:32.928971, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2012/09/23 22:42:32.929022, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2012/09/23 22:42:32.929076, 10] auth/token_util.c:223(create_local_nt_token_from_info3)
- Create local NT token for nobody
- [2012/09/23 22:42:32.929151, 10] passdb/lookup_sid.c:1628(sid_to_gid)
- winbind failed to find a gid for sid S-1-5-32-544
- [2012/09/23 22:42:32.929205, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.929256, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.929307, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.929357, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.929406, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.929494, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.929546, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-32-544
- [2012/09/23 22:42:32.929599, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.929649, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.929700, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.929750, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.929799, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.929880, 3] auth/token_util.c:438(finalize_local_nt_token)
- Failed to fetch domain sid for RLZ
- [2012/09/23 22:42:32.929934, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.930006, 10] passdb/lookup_sid.c:1628(sid_to_gid)
- winbind failed to find a gid for sid S-1-5-32-545
- [2012/09/23 22:42:32.930059, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.930110, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.930160, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.930211, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.930260, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.930348, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.930399, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-32-545
- [2012/09/23 22:42:32.930452, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.930503, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.930553, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.930603, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.930696, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.930779, 3] auth/token_util.c:469(finalize_local_nt_token)
- Failed to fetch domain sid for RLZ
- [2012/09/23 22:42:32.930834, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.930886, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.930936, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.930986, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.931036, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.931085, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.931216, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.931277, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-5-21-1307200228-2420893719-2273888605-501]
- [2012/09/23 22:42:32.931341, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-5-21-1307200228-2420893719-2273888605-514]
- [2012/09/23 22:42:32.931403, 5] lib/privileges.c:175(get_privileges_for_sids)
- get_privileges_for_sids: sid = S-1-1-0
- Privilege set: 0x0
- [2012/09/23 22:42:32.931479, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-5-2]
- [2012/09/23 22:42:32.931538, 4] lib/privileges.c:97(get_privileges)
- get_privileges: No privileges assigned to SID [S-1-5-32-546]
- [2012/09/23 22:42:32.931684, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids)
- wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE
- [2012/09/23 22:42:32.931736, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.931788, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.931838, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.931889, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.931938, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.932016, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 501.
- [2012/09/23 22:42:32.932069, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.932120, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.932170, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.932221, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.932270, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.932344, 6] passdb/pdb_interface.c:401(pdb_getsampwsid)
- pdb_getsampwsid: Building guest account
- [2012/09/23 22:42:32.932394, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user nobody
- [2012/09/23 22:42:32.932444, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2012/09/23 22:42:32.932496, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2012/09/23 22:42:32.932548, 10] passdb/pdb_get_set.c:575(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2012/09/23 22:42:32.932607, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2012/09/23 22:42:32.932666, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
- pdb_set_domain: setting domain M3-LAPTOP, was
- [2012/09/23 22:42:32.932723, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-1307200228-2420893719-2273888605-501
- [2012/09/23 22:42:32.932778, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-1307200228-2420893719-2273888605-501 from rid 501
- [2012/09/23 22:42:32.932857, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.932911, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user nobody
- [2012/09/23 22:42:32.932961, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2012/09/23 22:42:32.933012, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2012/09/23 22:42:32.933067, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.933118, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid)
- LEGACY: sid S-1-5-21-1307200228-2420893719-2273888605-501 is a User, expected a group
- [2012/09/23 22:42:32.933174, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.933225, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.933275, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.933325, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.933374, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.933450, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 501.
- [2012/09/23 22:42:32.933502, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.933552, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.933602, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.933652, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.933701, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.933775, 6] passdb/pdb_interface.c:401(pdb_getsampwsid)
- pdb_getsampwsid: Building guest account
- [2012/09/23 22:42:32.933825, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user nobody
- [2012/09/23 22:42:32.933875, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2012/09/23 22:42:32.933926, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2012/09/23 22:42:32.933996, 10] passdb/pdb_get_set.c:575(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2012/09/23 22:42:32.934049, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2012/09/23 22:42:32.934099, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
- pdb_set_domain: setting domain M3-LAPTOP, was
- [2012/09/23 22:42:32.934151, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-1307200228-2420893719-2273888605-501
- [2012/09/23 22:42:32.934205, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-1307200228-2420893719-2273888605-501 from rid 501
- [2012/09/23 22:42:32.934284, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.934338, 5] lib/username.c:171(Get_Pwnam_alloc)
- Finding user nobody
- [2012/09/23 22:42:32.934387, 5] lib/username.c:116(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2012/09/23 22:42:32.934439, 5] lib/username.c:149(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2012/09/23 22:42:32.934503, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.934554, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid)
- LEGACY: sid S-1-5-21-1307200228-2420893719-2273888605-501 -> uid 99
- [2012/09/23 22:42:32.934611, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.934662, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.934713, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.934763, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.934812, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.934888, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 514.
- [2012/09/23 22:42:32.934940, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.934990, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.935040, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.935090, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.935139, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.935222, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid)
- pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202.
- [2012/09/23 22:42:32.935291, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.935343, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid)
- Can't find a unix id for an unmapped group
- [2012/09/23 22:42:32.935399, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.935450, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-21-1307200228-2420893719-2273888605-514
- [2012/09/23 22:42:32.935505, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.935556, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.935607, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.935657, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.935706, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.935781, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 514.
- [2012/09/23 22:42:32.935833, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.935884, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.935934, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2012/09/23 22:42:32.935984, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.936033, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.936114, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid)
- pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202.
- [2012/09/23 22:42:32.936182, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.936234, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid)
- Can't find a unix id for an unmapped group
- [2012/09/23 22:42:32.936288, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.936348, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-5-21-1307200228-2420893719-2273888605-514
- [2012/09/23 22:42:32.936403, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.936454, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.936504, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.936554, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.936603, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.936691, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.936744, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-1-0
- [2012/09/23 22:42:32.936796, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-1-0
- [2012/09/23 22:42:32.936849, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.936900, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.936950, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.937000, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.937049, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.937136, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.937187, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-2
- [2012/09/23 22:42:32.937240, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-5-2
- [2012/09/23 22:42:32.937302, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.937356, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.937406, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.937457, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.937506, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.937595, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.937646, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
- LEGACY: mapping failed for sid S-1-5-32-546
- [2012/09/23 22:42:32.937699, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
- LEGACY: mapping failed for sid S-1-5-32-546
- [2012/09/23 22:42:32.937752, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-5-21-1307200228-2420893719-2273888605-514 to gid, ignoring it
- [2012/09/23 22:42:32.937806, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-1-0 to gid, ignoring it
- [2012/09/23 22:42:32.937858, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-5-2 to gid, ignoring it
- [2012/09/23 22:42:32.937909, 10] auth/auth_util.c:505(create_local_token)
- Could not convert SID S-1-5-32-546 to gid, ignoring it
- [2012/09/23 22:42:32.937965, 10] ../libcli/security/security_token.c:63(security_token_debug)
- Security token SIDs (6):
- SID[ 0]: S-1-5-21-1307200228-2420893719-2273888605-501
- SID[ 1]: S-1-5-21-1307200228-2420893719-2273888605-514
- SID[ 2]: S-1-1-0
- SID[ 3]: S-1-5-2
- SID[ 4]: S-1-5-32-546
- SID[ 5]: S-1-22-1-99
- Privileges (0x 0):
- Rights (0x 0):
- [2012/09/23 22:42:32.938185, 10] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 99
- Primary group is 99 and contains 0 supplementary groups
- [2012/09/23 22:42:32.938367, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg)
- Initialise the svcctl registry keys if needed.
- [2012/09/23 22:42:32.938422, 4] smbd/sec_ctx.c:214(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.938474, 4] smbd/uid.c:460(push_conn_ctx)
- push_conn_ctx(0) : conn_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.938524, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
- [2012/09/23 22:42:32.938574, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:42:32.938623, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:42:32.938734, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:42:32.938788, 10] registry/reg_backend_db.c:602(regdb_open)
- regdb_open: registry db opened. refcount reset (1)
- [2012/09/23 22:42:32.938856, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p)
- Create pipe requested \winreg
- [2012/09/23 22:42:32.938936, 10] rpc_server/rpc_handles.c:116(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe \winreg
- [2012/09/23 22:42:32.938990, 10] rpc_server/rpc_handles.c:133(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg
- [2012/09/23 22:42:32.939047, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p)
- Created internal pipe \winreg (pipes_open=0)
- [2012/09/23 22:42:32.939131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenHKLM: struct winreg_OpenHKLM
- in: struct winreg_OpenHKLM
- system_name : NULL
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- [2012/09/23 22:42:32.939444, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [HKLM]
- [2012/09/23 22:42:32.939496, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (1->2)
- [2012/09/23 22:42:32.939553, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM]
- [2012/09/23 22:42:32.939603, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM]
- [2012/09/23 22:42:32.939654, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.939703, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM]
- [2012/09/23 22:42:32.939780, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.939889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenHKLM: struct winreg_OpenHKLM
- out: struct winreg_OpenHKLM
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- result : WERR_OK
- [2012/09/23 22:42:32.940161, 5] ../lib/util/charset/codepoints.c:235(map_locale)
- Substituting charset 'UTF-8' for LOCALE
- [2012/09/23 22:42:32.940227, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenKey: struct winreg_OpenKey
- in: struct winreg_OpenKey
- parent_handle : *
- parent_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- keyname: struct winreg_String
- name_len : 0x0044 (68)
- name_size : 0x0044 (68)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services'
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- [2012/09/23 22:42:32.940916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.941023, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:32.941075, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (2->3)
- [2012/09/23 22:42:32.941129, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.941179, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.941230, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.941278, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.941352, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:32.941405, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:32.941461, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.941510, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.941561, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.941610, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.941679, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:32.941735, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.941792, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.941841, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.941893, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.941942, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.942021, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.942075, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:32.942128, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.942240, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenKey: struct winreg_OpenKey
- out: struct winreg_OpenKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- result : WERR_OK
- [2012/09/23 22:42:32.942455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_QueryInfoKey: struct winreg_QueryInfoKey
- in: struct winreg_QueryInfoKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- classname : *
- classname: struct winreg_String
- name_len : 0x0000 (0)
- name_size : 0x0000 (0)
- name : NULL
- [2012/09/23 22:42:32.942740, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.942845, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:32.942897, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.942961, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc)
- regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.943029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_QueryInfoKey: struct winreg_QueryInfoKey
- out: struct winreg_QueryInfoKey
- classname : *
- classname: struct winreg_String
- name_len : 0x0000 (0)
- name_size : 0x0000 (0)
- name : NULL
- num_subkeys : *
- num_subkeys : 0x00000007 (7)
- max_subkeylen : *
- max_subkeylen : 0x0000001c (28)
- max_classlen : *
- max_classlen : 0x00000000 (0)
- num_values : *
- num_values : 0x00000000 (0)
- max_valnamelen : *
- max_valnamelen : 0x00000002 (2)
- max_valbufsize : *
- max_valbufsize : 0x00000000 (0)
- secdescsize : *
- secdescsize : 0x00000078 (120)
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.943606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000000 (0)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.944126, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.944230, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.944282, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x001a (26)
- size : 0x001e (30)
- name : *
- name : 'LanmanServer'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.944701, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000001 (1)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.945195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.945297, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.945349, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x0012 (18)
- size : 0x001e (30)
- name : *
- name : 'Eventlog'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.945777, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000002 (2)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.946273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.946376, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.946428, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x000c (12)
- size : 0x001e (30)
- name : *
- name : 'Tcpip'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.946846, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000003 (3)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.947363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.947466, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.947518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x0012 (18)
- size : 0x001e (30)
- name : *
- name : 'Netlogon'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.947935, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000004 (4)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.948429, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.948531, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.948583, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x0010 (16)
- size : 0x001e (30)
- name : *
- name : 'Spooler'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.949004, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000005 (5)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.949506, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.949609, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.949661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x001e (30)
- size : 0x001e (30)
- name : *
- name : 'RemoteRegistry'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.950078, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- in: struct winreg_EnumKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- enum_index : 0x00000006 (6)
- name : *
- name: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x001e (30)
- name : *
- name : ''
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- [2012/09/23 22:42:32.950570, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.950701, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
- _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.950762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_EnumKey: struct winreg_EnumKey
- out: struct winreg_EnumKey
- name : *
- name: struct winreg_StringBuf
- length : 0x000a (10)
- size : 0x001e (30)
- name : *
- name : 'WINS'
- keyclass : *
- keyclass: struct winreg_StringBuf
- length : 0x0000 (0)
- size : 0x0002 (2)
- name : *
- name : ''
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:32.951200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0054 (84)
- name_size : 0x0054 (84)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\Spooler'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_ACTION_NONE (0)
- [2012/09/23 22:42:32.951959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.952063, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler'
- [2012/09/23 22:42:32.952123, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.952177, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.952228, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:32.952280, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:32.952334, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.952383, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.952434, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.952492, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.952560, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.952613, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:32.952665, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.952720, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.952769, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.952821, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.952869, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.952937, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.952992, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.953043, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:32.953094, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.953149, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.953198, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.953250, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.953298, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.953380, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.953434, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Spooler]
- [2012/09/23 22:42:32.953486, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.953541, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.953591, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.953642, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.953691, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.953760, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.953814, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.953917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:32.954255, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x000c (12)
- name_size : 0x000c (12)
- name : *
- name : 'Start'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x02 (2)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:32.954722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.954828, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start]
- [2012/09/23 22:42:32.954883, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.954934, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:32.954987, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.955055, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Start] len[4]
- [2012/09/23 22:42:32.955109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[Type] len[4]
- [2012/09/23 22:42:32.955162, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[2]: name[ErrorControl] len[4]
- [2012/09/23 22:42:32.955216, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[3]: name[ObjectName] len[24]
- [2012/09/23 22:42:32.955270, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[4]: name[DisplayName] len[28]
- [2012/09/23 22:42:32.955323, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[5]: name[ImagePath] len[54]
- [2012/09/23 22:42:32.955377, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[6]: name[Description] len[106]
- [2012/09/23 22:42:32.955430, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.955547, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x000a (10)
- name_size : 0x000a (10)
- name : *
- name : 'Type'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x10 (16)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:32.956015, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.956118, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type]
- [2012/09/23 22:42:32.956172, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.956223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.956336, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x001a (26)
- name_size : 0x001a (26)
- name : *
- name : 'ErrorControl'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:32.956792, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.956894, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl]
- [2012/09/23 22:42:32.956948, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.957000, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.957123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0016 (22)
- name_size : 0x0016 (22)
- name : *
- name : 'ObjectName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(24)
- [0] : 0x4c (76)
- [1] : 0x00 (0)
- [2] : 0x6f (111)
- [3] : 0x00 (0)
- [4] : 0x63 (99)
- [5] : 0x00 (0)
- [6] : 0x61 (97)
- [7] : 0x00 (0)
- [8] : 0x6c (108)
- [9] : 0x00 (0)
- [10] : 0x53 (83)
- [11] : 0x00 (0)
- [12] : 0x79 (121)
- [13] : 0x00 (0)
- [14] : 0x73 (115)
- [15] : 0x00 (0)
- [16] : 0x74 (116)
- [17] : 0x00 (0)
- [18] : 0x65 (101)
- [19] : 0x00 (0)
- [20] : 0x6d (109)
- [21] : 0x00 (0)
- [22] : 0x00 (0)
- [23] : 0x00 (0)
- size : 0x00000018 (24)
- [2012/09/23 22:42:32.958063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.958167, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName]
- [2012/09/23 22:42:32.958221, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.958273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.958396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'DisplayName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(28)
- [0] : 0x50 (80)
- [1] : 0x00 (0)
- [2] : 0x72 (114)
- [3] : 0x00 (0)
- [4] : 0x69 (105)
- [5] : 0x00 (0)
- [6] : 0x6e (110)
- [7] : 0x00 (0)
- [8] : 0x74 (116)
- [9] : 0x00 (0)
- [10] : 0x20 (32)
- [11] : 0x00 (0)
- [12] : 0x53 (83)
- [13] : 0x00 (0)
- [14] : 0x70 (112)
- [15] : 0x00 (0)
- [16] : 0x6f (111)
- [17] : 0x00 (0)
- [18] : 0x6f (111)
- [19] : 0x00 (0)
- [20] : 0x6c (108)
- [21] : 0x00 (0)
- [22] : 0x65 (101)
- [23] : 0x00 (0)
- [24] : 0x72 (114)
- [25] : 0x00 (0)
- [26] : 0x00 (0)
- [27] : 0x00 (0)
- size : 0x0000001c (28)
- [2012/09/23 22:42:32.959418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.959520, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName]
- [2012/09/23 22:42:32.959574, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.959627, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.959742, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0014 (20)
- name_size : 0x0014 (20)
- name : *
- name : 'ImagePath'
- type : REG_SZ (1)
- data : *
- data: ARRAY(54)
- [0] : 0x2f (47)
- [1] : 0x00 (0)
- [2] : 0x75 (117)
- [3] : 0x00 (0)
- [4] : 0x73 (115)
- [5] : 0x00 (0)
- [6] : 0x72 (114)
- [7] : 0x00 (0)
- [8] : 0x2f (47)
- [9] : 0x00 (0)
- [10] : 0x6c (108)
- [11] : 0x00 (0)
- [12] : 0x69 (105)
- [13] : 0x00 (0)
- [14] : 0x62 (98)
- [15] : 0x00 (0)
- [16] : 0x2f (47)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x61 (97)
- [21] : 0x00 (0)
- [22] : 0x6d (109)
- [23] : 0x00 (0)
- [24] : 0x62 (98)
- [25] : 0x00 (0)
- [26] : 0x61 (97)
- [27] : 0x00 (0)
- [28] : 0x2f (47)
- [29] : 0x00 (0)
- [30] : 0x73 (115)
- [31] : 0x00 (0)
- [32] : 0x76 (118)
- [33] : 0x00 (0)
- [34] : 0x63 (99)
- [35] : 0x00 (0)
- [36] : 0x63 (99)
- [37] : 0x00 (0)
- [38] : 0x74 (116)
- [39] : 0x00 (0)
- [40] : 0x6c (108)
- [41] : 0x00 (0)
- [42] : 0x2f (47)
- [43] : 0x00 (0)
- [44] : 0x73 (115)
- [45] : 0x00 (0)
- [46] : 0x6d (109)
- [47] : 0x00 (0)
- [48] : 0x62 (98)
- [49] : 0x00 (0)
- [50] : 0x64 (100)
- [51] : 0x00 (0)
- [52] : 0x00 (0)
- [53] : 0x00 (0)
- size : 0x00000036 (54)
- [2012/09/23 22:42:32.961470, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.961574, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath]
- [2012/09/23 22:42:32.961628, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.961680, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.961796, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'Description'
- type : REG_SZ (1)
- data : *
- data: ARRAY(106)
- [0] : 0x49 (73)
- [1] : 0x00 (0)
- [2] : 0x6e (110)
- [3] : 0x00 (0)
- [4] : 0x74 (116)
- [5] : 0x00 (0)
- [6] : 0x65 (101)
- [7] : 0x00 (0)
- [8] : 0x72 (114)
- [9] : 0x00 (0)
- [10] : 0x6e (110)
- [11] : 0x00 (0)
- [12] : 0x61 (97)
- [13] : 0x00 (0)
- [14] : 0x6c (108)
- [15] : 0x00 (0)
- [16] : 0x20 (32)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x65 (101)
- [21] : 0x00 (0)
- [22] : 0x72 (114)
- [23] : 0x00 (0)
- [24] : 0x76 (118)
- [25] : 0x00 (0)
- [26] : 0x69 (105)
- [27] : 0x00 (0)
- [28] : 0x63 (99)
- [29] : 0x00 (0)
- [30] : 0x65 (101)
- [31] : 0x00 (0)
- [32] : 0x20 (32)
- [33] : 0x00 (0)
- [34] : 0x66 (102)
- [35] : 0x00 (0)
- [36] : 0x6f (111)
- [37] : 0x00 (0)
- [38] : 0x72 (114)
- [39] : 0x00 (0)
- [40] : 0x20 (32)
- [41] : 0x00 (0)
- [42] : 0x73 (115)
- [43] : 0x00 (0)
- [44] : 0x70 (112)
- [45] : 0x00 (0)
- [46] : 0x6f (111)
- [47] : 0x00 (0)
- [48] : 0x6f (111)
- [49] : 0x00 (0)
- [50] : 0x6c (108)
- [51] : 0x00 (0)
- [52] : 0x69 (105)
- [53] : 0x00 (0)
- [54] : 0x6e (110)
- [55] : 0x00 (0)
- [56] : 0x67 (103)
- [57] : 0x00 (0)
- [58] : 0x20 (32)
- [59] : 0x00 (0)
- [60] : 0x66 (102)
- [61] : 0x00 (0)
- [62] : 0x69 (105)
- [63] : 0x00 (0)
- [64] : 0x6c (108)
- [65] : 0x00 (0)
- [66] : 0x65 (101)
- [67] : 0x00 (0)
- [68] : 0x73 (115)
- [69] : 0x00 (0)
- [70] : 0x20 (32)
- [71] : 0x00 (0)
- [72] : 0x74 (116)
- [73] : 0x00 (0)
- [74] : 0x6f (111)
- [75] : 0x00 (0)
- [76] : 0x20 (32)
- [77] : 0x00 (0)
- [78] : 0x70 (112)
- [79] : 0x00 (0)
- [80] : 0x72 (114)
- [81] : 0x00 (0)
- [82] : 0x69 (105)
- [83] : 0x00 (0)
- [84] : 0x6e (110)
- [85] : 0x00 (0)
- [86] : 0x74 (116)
- [87] : 0x00 (0)
- [88] : 0x20 (32)
- [89] : 0x00 (0)
- [90] : 0x64 (100)
- [91] : 0x00 (0)
- [92] : 0x65 (101)
- [93] : 0x00 (0)
- [94] : 0x76 (118)
- [95] : 0x00 (0)
- [96] : 0x69 (105)
- [97] : 0x00 (0)
- [98] : 0x63 (99)
- [99] : 0x00 (0)
- [100] : 0x65 (101)
- [101] : 0x00 (0)
- [102] : 0x73 (115)
- [103] : 0x00 (0)
- [104] : 0x00 (0)
- [105] : 0x00 (0)
- size : 0x0000006a (106)
- [2012/09/23 22:42:32.964629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.964734, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description]
- [2012/09/23 22:42:32.964789, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.964840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.964969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-5f50-3874d2240000
- [2012/09/23 22:42:32.965145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.965249, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.965350, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:32.965403, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:32.965454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:32.965667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0066 (102)
- name_size : 0x0066 (102)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- [2012/09/23 22:42:32.966444, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.966621, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security'
- [2012/09/23 22:42:32.966679, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.966733, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.966784, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:32.966835, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:32.966890, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.966940, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.966991, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.967039, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.967107, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.967161, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:32.967213, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.967269, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.967336, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.967388, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.967437, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.967506, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.967562, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.967613, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:32.967665, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.967720, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.967770, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.967831, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.967882, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.967964, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.968021, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.968072, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Spooler]
- [2012/09/23 22:42:32.968123, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.968179, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.968229, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.968281, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.968329, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
- [2012/09/23 22:42:32.968403, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.968458, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Security]
- [2012/09/23 22:42:32.968510, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.968565, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
- [2012/09/23 22:42:32.968616, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
- [2012/09/23 22:42:32.968668, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.968717, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
- [2012/09/23 22:42:32.968782, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
- regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
- [2012/09/23 22:42:32.968837, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.968890, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.968993, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000004-0000-0000-5f50-3874d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:32.969260, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000004-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0012 (18)
- name_size : 0x0012 (18)
- name : *
- name : 'Security'
- type : REG_BINARY (3)
- data : *
- data: ARRAY(120)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x04 (4)
- [3] : 0x80 (128)
- [4] : 0x00 (0)
- [5] : 0x00 (0)
- [6] : 0x00 (0)
- [7] : 0x00 (0)
- [8] : 0x00 (0)
- [9] : 0x00 (0)
- [10] : 0x00 (0)
- [11] : 0x00 (0)
- [12] : 0x00 (0)
- [13] : 0x00 (0)
- [14] : 0x00 (0)
- [15] : 0x00 (0)
- [16] : 0x14 (20)
- [17] : 0x00 (0)
- [18] : 0x00 (0)
- [19] : 0x00 (0)
- [20] : 0x02 (2)
- [21] : 0x00 (0)
- [22] : 0x64 (100)
- [23] : 0x00 (0)
- [24] : 0x04 (4)
- [25] : 0x00 (0)
- [26] : 0x00 (0)
- [27] : 0x00 (0)
- [28] : 0x00 (0)
- [29] : 0x00 (0)
- [30] : 0x14 (20)
- [31] : 0x00 (0)
- [32] : 0x8d (141)
- [33] : 0x01 (1)
- [34] : 0x02 (2)
- [35] : 0x00 (0)
- [36] : 0x01 (1)
- [37] : 0x01 (1)
- [38] : 0x00 (0)
- [39] : 0x00 (0)
- [40] : 0x00 (0)
- [41] : 0x00 (0)
- [42] : 0x00 (0)
- [43] : 0x01 (1)
- [44] : 0x00 (0)
- [45] : 0x00 (0)
- [46] : 0x00 (0)
- [47] : 0x00 (0)
- [48] : 0x00 (0)
- [49] : 0x00 (0)
- [50] : 0x18 (24)
- [51] : 0x00 (0)
- [52] : 0xfd (253)
- [53] : 0x01 (1)
- [54] : 0x02 (2)
- [55] : 0x00 (0)
- [56] : 0x01 (1)
- [57] : 0x02 (2)
- [58] : 0x00 (0)
- [59] : 0x00 (0)
- [60] : 0x00 (0)
- [61] : 0x00 (0)
- [62] : 0x00 (0)
- [63] : 0x05 (5)
- [64] : 0x20 (32)
- [65] : 0x00 (0)
- [66] : 0x00 (0)
- [67] : 0x00 (0)
- [68] : 0x23 (35)
- [69] : 0x02 (2)
- [70] : 0x00 (0)
- [71] : 0x00 (0)
- [72] : 0x00 (0)
- [73] : 0x00 (0)
- [74] : 0x18 (24)
- [75] : 0x00 (0)
- [76] : 0xff (255)
- [77] : 0x01 (1)
- [78] : 0x0f (15)
- [79] : 0x00 (0)
- [80] : 0x01 (1)
- [81] : 0x02 (2)
- [82] : 0x00 (0)
- [83] : 0x00 (0)
- [84] : 0x00 (0)
- [85] : 0x00 (0)
- [86] : 0x00 (0)
- [87] : 0x05 (5)
- [88] : 0x20 (32)
- [89] : 0x00 (0)
- [90] : 0x00 (0)
- [91] : 0x00 (0)
- [92] : 0x25 (37)
- [93] : 0x02 (2)
- [94] : 0x00 (0)
- [95] : 0x00 (0)
- [96] : 0x00 (0)
- [97] : 0x00 (0)
- [98] : 0x18 (24)
- [99] : 0x00 (0)
- [100] : 0xff (255)
- [101] : 0x01 (1)
- [102] : 0x0f (15)
- [103] : 0x00 (0)
- [104] : 0x01 (1)
- [105] : 0x02 (2)
- [106] : 0x00 (0)
- [107] : 0x00 (0)
- [108] : 0x00 (0)
- [109] : 0x00 (0)
- [110] : 0x00 (0)
- [111] : 0x05 (5)
- [112] : 0x20 (32)
- [113] : 0x00 (0)
- [114] : 0x00 (0)
- [115] : 0x00 (0)
- [116] : 0x20 (32)
- [117] : 0x02 (2)
- [118] : 0x00 (0)
- [119] : 0x00 (0)
- size : 0x00000078 (120)
- [2012/09/23 22:42:32.972431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.972536, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security]
- [2012/09/23 22:42:32.972592, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.972644, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:32.972697, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
- [2012/09/23 22:42:32.972774, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Security] len[120]
- [2012/09/23 22:42:32.972829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.972941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000004-0000-0000-5f50-3874d2240000
- [2012/09/23 22:42:32.973111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.973215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.973318, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:32.973368, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:32.973420, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:32.973632, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0056 (86)
- name_size : 0x0056 (86)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\NETLOGON'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_ACTION_NONE (0)
- [2012/09/23 22:42:32.974408, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.974512, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON'
- [2012/09/23 22:42:32.974576, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.974630, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.974681, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:32.974733, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:32.974788, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.974837, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.974888, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.974937, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.975004, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.975057, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:32.975109, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.975164, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.975214, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.975265, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.975314, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.975381, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.975436, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.975487, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:32.975539, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.975594, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.975643, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.975694, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.975743, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.975822, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.975876, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [NETLOGON]
- [2012/09/23 22:42:32.975927, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.975982, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.976032, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.976083, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.976132, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.976216, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.976271, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.976375, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:32.976630, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x000c (12)
- name_size : 0x000c (12)
- name : *
- name : 'Start'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x02 (2)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:32.977092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.977196, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start]
- [2012/09/23 22:42:32.977250, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.977313, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:32.977369, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.977436, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Start] len[4]
- [2012/09/23 22:42:32.977491, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[Type] len[4]
- [2012/09/23 22:42:32.977545, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[2]: name[ErrorControl] len[4]
- [2012/09/23 22:42:32.977599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[3]: name[ObjectName] len[24]
- [2012/09/23 22:42:32.977652, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[4]: name[DisplayName] len[20]
- [2012/09/23 22:42:32.977706, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[5]: name[ImagePath] len[54]
- [2012/09/23 22:42:32.977760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[6]: name[Description] len[164]
- [2012/09/23 22:42:32.977813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.977938, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x000a (10)
- name_size : 0x000a (10)
- name : *
- name : 'Type'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x10 (16)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:32.978397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.978501, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type]
- [2012/09/23 22:42:32.978555, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.978607, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.978721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x001a (26)
- name_size : 0x001a (26)
- name : *
- name : 'ErrorControl'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:32.979179, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.979282, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl]
- [2012/09/23 22:42:32.979337, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.979389, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.979504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0016 (22)
- name_size : 0x0016 (22)
- name : *
- name : 'ObjectName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(24)
- [0] : 0x4c (76)
- [1] : 0x00 (0)
- [2] : 0x6f (111)
- [3] : 0x00 (0)
- [4] : 0x63 (99)
- [5] : 0x00 (0)
- [6] : 0x61 (97)
- [7] : 0x00 (0)
- [8] : 0x6c (108)
- [9] : 0x00 (0)
- [10] : 0x53 (83)
- [11] : 0x00 (0)
- [12] : 0x79 (121)
- [13] : 0x00 (0)
- [14] : 0x73 (115)
- [15] : 0x00 (0)
- [16] : 0x74 (116)
- [17] : 0x00 (0)
- [18] : 0x65 (101)
- [19] : 0x00 (0)
- [20] : 0x6d (109)
- [21] : 0x00 (0)
- [22] : 0x00 (0)
- [23] : 0x00 (0)
- size : 0x00000018 (24)
- [2012/09/23 22:42:32.980431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.980534, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName]
- [2012/09/23 22:42:32.980589, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.980672, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.980795, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'DisplayName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(20)
- [0] : 0x4e (78)
- [1] : 0x00 (0)
- [2] : 0x65 (101)
- [3] : 0x00 (0)
- [4] : 0x74 (116)
- [5] : 0x00 (0)
- [6] : 0x20 (32)
- [7] : 0x00 (0)
- [8] : 0x4c (76)
- [9] : 0x00 (0)
- [10] : 0x6f (111)
- [11] : 0x00 (0)
- [12] : 0x67 (103)
- [13] : 0x00 (0)
- [14] : 0x6f (111)
- [15] : 0x00 (0)
- [16] : 0x6e (110)
- [17] : 0x00 (0)
- [18] : 0x00 (0)
- [19] : 0x00 (0)
- size : 0x00000014 (20)
- [2012/09/23 22:42:32.981629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.981733, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName]
- [2012/09/23 22:42:32.981788, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.981840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.981959, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0014 (20)
- name_size : 0x0014 (20)
- name : *
- name : 'ImagePath'
- type : REG_SZ (1)
- data : *
- data: ARRAY(54)
- [0] : 0x2f (47)
- [1] : 0x00 (0)
- [2] : 0x75 (117)
- [3] : 0x00 (0)
- [4] : 0x73 (115)
- [5] : 0x00 (0)
- [6] : 0x72 (114)
- [7] : 0x00 (0)
- [8] : 0x2f (47)
- [9] : 0x00 (0)
- [10] : 0x6c (108)
- [11] : 0x00 (0)
- [12] : 0x69 (105)
- [13] : 0x00 (0)
- [14] : 0x62 (98)
- [15] : 0x00 (0)
- [16] : 0x2f (47)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x61 (97)
- [21] : 0x00 (0)
- [22] : 0x6d (109)
- [23] : 0x00 (0)
- [24] : 0x62 (98)
- [25] : 0x00 (0)
- [26] : 0x61 (97)
- [27] : 0x00 (0)
- [28] : 0x2f (47)
- [29] : 0x00 (0)
- [30] : 0x73 (115)
- [31] : 0x00 (0)
- [32] : 0x76 (118)
- [33] : 0x00 (0)
- [34] : 0x63 (99)
- [35] : 0x00 (0)
- [36] : 0x63 (99)
- [37] : 0x00 (0)
- [38] : 0x74 (116)
- [39] : 0x00 (0)
- [40] : 0x6c (108)
- [41] : 0x00 (0)
- [42] : 0x2f (47)
- [43] : 0x00 (0)
- [44] : 0x73 (115)
- [45] : 0x00 (0)
- [46] : 0x6d (109)
- [47] : 0x00 (0)
- [48] : 0x62 (98)
- [49] : 0x00 (0)
- [50] : 0x64 (100)
- [51] : 0x00 (0)
- [52] : 0x00 (0)
- [53] : 0x00 (0)
- size : 0x00000036 (54)
- [2012/09/23 22:42:32.983571, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.983674, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath]
- [2012/09/23 22:42:32.983729, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.983781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.983897, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'Description'
- type : REG_SZ (1)
- data : *
- data: ARRAY(164)
- [0] : 0x46 (70)
- [1] : 0x00 (0)
- [2] : 0x69 (105)
- [3] : 0x00 (0)
- [4] : 0x6c (108)
- [5] : 0x00 (0)
- [6] : 0x65 (101)
- [7] : 0x00 (0)
- [8] : 0x20 (32)
- [9] : 0x00 (0)
- [10] : 0x73 (115)
- [11] : 0x00 (0)
- [12] : 0x65 (101)
- [13] : 0x00 (0)
- [14] : 0x72 (114)
- [15] : 0x00 (0)
- [16] : 0x76 (118)
- [17] : 0x00 (0)
- [18] : 0x69 (105)
- [19] : 0x00 (0)
- [20] : 0x63 (99)
- [21] : 0x00 (0)
- [22] : 0x65 (101)
- [23] : 0x00 (0)
- [24] : 0x20 (32)
- [25] : 0x00 (0)
- [26] : 0x70 (112)
- [27] : 0x00 (0)
- [28] : 0x72 (114)
- [29] : 0x00 (0)
- [30] : 0x6f (111)
- [31] : 0x00 (0)
- [32] : 0x76 (118)
- [33] : 0x00 (0)
- [34] : 0x69 (105)
- [35] : 0x00 (0)
- [36] : 0x64 (100)
- [37] : 0x00 (0)
- [38] : 0x69 (105)
- [39] : 0x00 (0)
- [40] : 0x6e (110)
- [41] : 0x00 (0)
- [42] : 0x67 (103)
- [43] : 0x00 (0)
- [44] : 0x20 (32)
- [45] : 0x00 (0)
- [46] : 0x61 (97)
- [47] : 0x00 (0)
- [48] : 0x63 (99)
- [49] : 0x00 (0)
- [50] : 0x63 (99)
- [51] : 0x00 (0)
- [52] : 0x65 (101)
- [53] : 0x00 (0)
- [54] : 0x73 (115)
- [55] : 0x00 (0)
- [56] : 0x73 (115)
- [57] : 0x00 (0)
- [58] : 0x20 (32)
- [59] : 0x00 (0)
- [60] : 0x74 (116)
- [61] : 0x00 (0)
- [62] : 0x6f (111)
- [63] : 0x00 (0)
- [64] : 0x20 (32)
- [65] : 0x00 (0)
- [66] : 0x70 (112)
- [67] : 0x00 (0)
- [68] : 0x6f (111)
- [69] : 0x00 (0)
- [70] : 0x6c (108)
- [71] : 0x00 (0)
- [72] : 0x69 (105)
- [73] : 0x00 (0)
- [74] : 0x63 (99)
- [75] : 0x00 (0)
- [76] : 0x79 (121)
- [77] : 0x00 (0)
- [78] : 0x20 (32)
- [79] : 0x00 (0)
- [80] : 0x61 (97)
- [81] : 0x00 (0)
- [82] : 0x6e (110)
- [83] : 0x00 (0)
- [84] : 0x64 (100)
- [85] : 0x00 (0)
- [86] : 0x20 (32)
- [87] : 0x00 (0)
- [88] : 0x70 (112)
- [89] : 0x00 (0)
- [90] : 0x72 (114)
- [91] : 0x00 (0)
- [92] : 0x6f (111)
- [93] : 0x00 (0)
- [94] : 0x66 (102)
- [95] : 0x00 (0)
- [96] : 0x69 (105)
- [97] : 0x00 (0)
- [98] : 0x6c (108)
- [99] : 0x00 (0)
- [100] : 0x65 (101)
- [101] : 0x00 (0)
- [102] : 0x20 (32)
- [103] : 0x00 (0)
- [104] : 0x64 (100)
- [105] : 0x00 (0)
- [106] : 0x61 (97)
- [107] : 0x00 (0)
- [108] : 0x74 (116)
- [109] : 0x00 (0)
- [110] : 0x61 (97)
- [111] : 0x00 (0)
- [112] : 0x20 (32)
- [113] : 0x00 (0)
- [114] : 0x28 (40)
- [115] : 0x00 (0)
- [116] : 0x6e (110)
- [117] : 0x00 (0)
- [118] : 0x6f (111)
- [119] : 0x00 (0)
- [120] : 0x74 (116)
- [121] : 0x00 (0)
- [122] : 0x72 (114)
- [123] : 0x00 (0)
- [124] : 0x65 (101)
- [125] : 0x00 (0)
- [126] : 0x6d (109)
- [127] : 0x00 (0)
- [128] : 0x6f (111)
- [129] : 0x00 (0)
- [130] : 0x74 (116)
- [131] : 0x00 (0)
- [132] : 0x65 (101)
- [133] : 0x00 (0)
- [134] : 0x6c (108)
- [135] : 0x00 (0)
- [136] : 0x79 (121)
- [137] : 0x00 (0)
- [138] : 0x20 (32)
- [139] : 0x00 (0)
- [140] : 0x6d (109)
- [141] : 0x00 (0)
- [142] : 0x61 (97)
- [143] : 0x00 (0)
- [144] : 0x6e (110)
- [145] : 0x00 (0)
- [146] : 0x61 (97)
- [147] : 0x00 (0)
- [148] : 0x67 (103)
- [149] : 0x00 (0)
- [150] : 0x65 (101)
- [151] : 0x00 (0)
- [152] : 0x61 (97)
- [153] : 0x00 (0)
- [154] : 0x62 (98)
- [155] : 0x00 (0)
- [156] : 0x6c (108)
- [157] : 0x00 (0)
- [158] : 0x65 (101)
- [159] : 0x00 (0)
- [160] : 0x29 (41)
- [161] : 0x00 (0)
- [162] : 0x00 (0)
- [163] : 0x00 (0)
- size : 0x000000a4 (164)
- [2012/09/23 22:42:32.988080, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.988184, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description]
- [2012/09/23 22:42:32.988239, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.988291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.988402, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-5f50-3874d2240000
- [2012/09/23 22:42:32.988573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.988676, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.988778, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:32.988830, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:32.988882, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:32.989093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0068 (104)
- name_size : 0x0068 (104)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- [2012/09/23 22:42:32.989864, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.989968, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security'
- [2012/09/23 22:42:32.990024, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.990077, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.990128, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:32.990180, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:32.990235, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.990284, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.990334, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.990382, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.990450, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.990503, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:32.990555, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.990611, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.990687, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.990739, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.990788, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.990856, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.990911, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.990962, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:32.991014, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.991068, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.991118, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.991169, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.991218, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.991308, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.991364, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.991416, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [NETLOGON]
- [2012/09/23 22:42:32.991467, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.991523, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.991572, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.991624, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.991673, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
- [2012/09/23 22:42:32.991748, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.991803, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Security]
- [2012/09/23 22:42:32.991854, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.991911, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
- [2012/09/23 22:42:32.991962, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
- [2012/09/23 22:42:32.992014, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.992063, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
- [2012/09/23 22:42:32.992128, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
- regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
- [2012/09/23 22:42:32.992184, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.992237, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.992341, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000006-0000-0000-5f50-3874d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:32.992600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000006-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0012 (18)
- name_size : 0x0012 (18)
- name : *
- name : 'Security'
- type : REG_BINARY (3)
- data : *
- data: ARRAY(120)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x04 (4)
- [3] : 0x80 (128)
- [4] : 0x00 (0)
- [5] : 0x00 (0)
- [6] : 0x00 (0)
- [7] : 0x00 (0)
- [8] : 0x00 (0)
- [9] : 0x00 (0)
- [10] : 0x00 (0)
- [11] : 0x00 (0)
- [12] : 0x00 (0)
- [13] : 0x00 (0)
- [14] : 0x00 (0)
- [15] : 0x00 (0)
- [16] : 0x14 (20)
- [17] : 0x00 (0)
- [18] : 0x00 (0)
- [19] : 0x00 (0)
- [20] : 0x02 (2)
- [21] : 0x00 (0)
- [22] : 0x64 (100)
- [23] : 0x00 (0)
- [24] : 0x04 (4)
- [25] : 0x00 (0)
- [26] : 0x00 (0)
- [27] : 0x00 (0)
- [28] : 0x00 (0)
- [29] : 0x00 (0)
- [30] : 0x14 (20)
- [31] : 0x00 (0)
- [32] : 0x8d (141)
- [33] : 0x01 (1)
- [34] : 0x02 (2)
- [35] : 0x00 (0)
- [36] : 0x01 (1)
- [37] : 0x01 (1)
- [38] : 0x00 (0)
- [39] : 0x00 (0)
- [40] : 0x00 (0)
- [41] : 0x00 (0)
- [42] : 0x00 (0)
- [43] : 0x01 (1)
- [44] : 0x00 (0)
- [45] : 0x00 (0)
- [46] : 0x00 (0)
- [47] : 0x00 (0)
- [48] : 0x00 (0)
- [49] : 0x00 (0)
- [50] : 0x18 (24)
- [51] : 0x00 (0)
- [52] : 0xfd (253)
- [53] : 0x01 (1)
- [54] : 0x02 (2)
- [55] : 0x00 (0)
- [56] : 0x01 (1)
- [57] : 0x02 (2)
- [58] : 0x00 (0)
- [59] : 0x00 (0)
- [60] : 0x00 (0)
- [61] : 0x00 (0)
- [62] : 0x00 (0)
- [63] : 0x05 (5)
- [64] : 0x20 (32)
- [65] : 0x00 (0)
- [66] : 0x00 (0)
- [67] : 0x00 (0)
- [68] : 0x23 (35)
- [69] : 0x02 (2)
- [70] : 0x00 (0)
- [71] : 0x00 (0)
- [72] : 0x00 (0)
- [73] : 0x00 (0)
- [74] : 0x18 (24)
- [75] : 0x00 (0)
- [76] : 0xff (255)
- [77] : 0x01 (1)
- [78] : 0x0f (15)
- [79] : 0x00 (0)
- [80] : 0x01 (1)
- [81] : 0x02 (2)
- [82] : 0x00 (0)
- [83] : 0x00 (0)
- [84] : 0x00 (0)
- [85] : 0x00 (0)
- [86] : 0x00 (0)
- [87] : 0x05 (5)
- [88] : 0x20 (32)
- [89] : 0x00 (0)
- [90] : 0x00 (0)
- [91] : 0x00 (0)
- [92] : 0x25 (37)
- [93] : 0x02 (2)
- [94] : 0x00 (0)
- [95] : 0x00 (0)
- [96] : 0x00 (0)
- [97] : 0x00 (0)
- [98] : 0x18 (24)
- [99] : 0x00 (0)
- [100] : 0xff (255)
- [101] : 0x01 (1)
- [102] : 0x0f (15)
- [103] : 0x00 (0)
- [104] : 0x01 (1)
- [105] : 0x02 (2)
- [106] : 0x00 (0)
- [107] : 0x00 (0)
- [108] : 0x00 (0)
- [109] : 0x00 (0)
- [110] : 0x00 (0)
- [111] : 0x05 (5)
- [112] : 0x20 (32)
- [113] : 0x00 (0)
- [114] : 0x00 (0)
- [115] : 0x00 (0)
- [116] : 0x20 (32)
- [117] : 0x02 (2)
- [118] : 0x00 (0)
- [119] : 0x00 (0)
- size : 0x00000078 (120)
- [2012/09/23 22:42:32.995766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.995870, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security]
- [2012/09/23 22:42:32.995926, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.995977, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:32.996031, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
- [2012/09/23 22:42:32.996099, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Security] len[120]
- [2012/09/23 22:42:32.996161, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:32.996274, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000006-0000-0000-5f50-3874d2240000
- [2012/09/23 22:42:32.996447, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.996550, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.996651, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:32.996702, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:32.996753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:32.996967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0062 (98)
- name_size : 0x0062 (98)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_ACTION_NONE (0)
- [2012/09/23 22:42:32.997747, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.997852, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry'
- [2012/09/23 22:42:32.997915, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:32.997970, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.998021, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:32.998073, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:32.998128, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.998177, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.998228, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.998277, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:32.998345, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.998398, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:32.998450, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.998506, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.998555, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.998606, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.998655, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:32.998722, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.998777, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:32.998829, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:32.998880, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.998935, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.998985, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.999036, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.999086, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:32.999164, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.999218, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [RemoteRegistry]
- [2012/09/23 22:42:32.999270, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:32.999326, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:32.999376, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:32.999427, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:32.999477, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:32.999549, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:32.999612, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:32.999716, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:32.999970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x000c (12)
- name_size : 0x000c (12)
- name : *
- name : 'Start'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x02 (2)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:33.000431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.000534, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start]
- [2012/09/23 22:42:33.000590, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.000668, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:33.000723, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:33.000792, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Start] len[4]
- [2012/09/23 22:42:33.000847, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[Type] len[4]
- [2012/09/23 22:42:33.000901, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[2]: name[ErrorControl] len[4]
- [2012/09/23 22:42:33.000955, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[3]: name[ObjectName] len[24]
- [2012/09/23 22:42:33.001009, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[4]: name[DisplayName] len[48]
- [2012/09/23 22:42:33.001064, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[5]: name[ImagePath] len[54]
- [2012/09/23 22:42:33.001119, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[6]: name[Description] len[126]
- [2012/09/23 22:42:33.001173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.001298, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x000a (10)
- name_size : 0x000a (10)
- name : *
- name : 'Type'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x10 (16)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:33.001757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.001860, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type]
- [2012/09/23 22:42:33.001915, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.001967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.002080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x001a (26)
- name_size : 0x001a (26)
- name : *
- name : 'ErrorControl'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:33.002540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.002643, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl]
- [2012/09/23 22:42:33.002699, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.002751, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.002867, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0016 (22)
- name_size : 0x0016 (22)
- name : *
- name : 'ObjectName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(24)
- [0] : 0x4c (76)
- [1] : 0x00 (0)
- [2] : 0x6f (111)
- [3] : 0x00 (0)
- [4] : 0x63 (99)
- [5] : 0x00 (0)
- [6] : 0x61 (97)
- [7] : 0x00 (0)
- [8] : 0x6c (108)
- [9] : 0x00 (0)
- [10] : 0x53 (83)
- [11] : 0x00 (0)
- [12] : 0x79 (121)
- [13] : 0x00 (0)
- [14] : 0x73 (115)
- [15] : 0x00 (0)
- [16] : 0x74 (116)
- [17] : 0x00 (0)
- [18] : 0x65 (101)
- [19] : 0x00 (0)
- [20] : 0x6d (109)
- [21] : 0x00 (0)
- [22] : 0x00 (0)
- [23] : 0x00 (0)
- size : 0x00000018 (24)
- [2012/09/23 22:42:33.003794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.003898, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName]
- [2012/09/23 22:42:33.003953, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.004021, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.004141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'DisplayName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(48)
- [0] : 0x52 (82)
- [1] : 0x00 (0)
- [2] : 0x65 (101)
- [3] : 0x00 (0)
- [4] : 0x6d (109)
- [5] : 0x00 (0)
- [6] : 0x6f (111)
- [7] : 0x00 (0)
- [8] : 0x74 (116)
- [9] : 0x00 (0)
- [10] : 0x65 (101)
- [11] : 0x00 (0)
- [12] : 0x20 (32)
- [13] : 0x00 (0)
- [14] : 0x52 (82)
- [15] : 0x00 (0)
- [16] : 0x65 (101)
- [17] : 0x00 (0)
- [18] : 0x67 (103)
- [19] : 0x00 (0)
- [20] : 0x69 (105)
- [21] : 0x00 (0)
- [22] : 0x73 (115)
- [23] : 0x00 (0)
- [24] : 0x74 (116)
- [25] : 0x00 (0)
- [26] : 0x72 (114)
- [27] : 0x00 (0)
- [28] : 0x79 (121)
- [29] : 0x00 (0)
- [30] : 0x20 (32)
- [31] : 0x00 (0)
- [32] : 0x53 (83)
- [33] : 0x00 (0)
- [34] : 0x65 (101)
- [35] : 0x00 (0)
- [36] : 0x72 (114)
- [37] : 0x00 (0)
- [38] : 0x76 (118)
- [39] : 0x00 (0)
- [40] : 0x69 (105)
- [41] : 0x00 (0)
- [42] : 0x63 (99)
- [43] : 0x00 (0)
- [44] : 0x65 (101)
- [45] : 0x00 (0)
- [46] : 0x00 (0)
- [47] : 0x00 (0)
- size : 0x00000030 (48)
- [2012/09/23 22:42:33.005616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.005720, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName]
- [2012/09/23 22:42:33.005775, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.005828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.005945, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0014 (20)
- name_size : 0x0014 (20)
- name : *
- name : 'ImagePath'
- type : REG_SZ (1)
- data : *
- data: ARRAY(54)
- [0] : 0x2f (47)
- [1] : 0x00 (0)
- [2] : 0x75 (117)
- [3] : 0x00 (0)
- [4] : 0x73 (115)
- [5] : 0x00 (0)
- [6] : 0x72 (114)
- [7] : 0x00 (0)
- [8] : 0x2f (47)
- [9] : 0x00 (0)
- [10] : 0x6c (108)
- [11] : 0x00 (0)
- [12] : 0x69 (105)
- [13] : 0x00 (0)
- [14] : 0x62 (98)
- [15] : 0x00 (0)
- [16] : 0x2f (47)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x61 (97)
- [21] : 0x00 (0)
- [22] : 0x6d (109)
- [23] : 0x00 (0)
- [24] : 0x62 (98)
- [25] : 0x00 (0)
- [26] : 0x61 (97)
- [27] : 0x00 (0)
- [28] : 0x2f (47)
- [29] : 0x00 (0)
- [30] : 0x73 (115)
- [31] : 0x00 (0)
- [32] : 0x76 (118)
- [33] : 0x00 (0)
- [34] : 0x63 (99)
- [35] : 0x00 (0)
- [36] : 0x63 (99)
- [37] : 0x00 (0)
- [38] : 0x74 (116)
- [39] : 0x00 (0)
- [40] : 0x6c (108)
- [41] : 0x00 (0)
- [42] : 0x2f (47)
- [43] : 0x00 (0)
- [44] : 0x73 (115)
- [45] : 0x00 (0)
- [46] : 0x6d (109)
- [47] : 0x00 (0)
- [48] : 0x62 (98)
- [49] : 0x00 (0)
- [50] : 0x64 (100)
- [51] : 0x00 (0)
- [52] : 0x00 (0)
- [53] : 0x00 (0)
- size : 0x00000036 (54)
- [2012/09/23 22:42:33.007572, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.007676, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath]
- [2012/09/23 22:42:33.007732, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.007784, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.007905, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'Description'
- type : REG_SZ (1)
- data : *
- data: ARRAY(126)
- [0] : 0x49 (73)
- [1] : 0x00 (0)
- [2] : 0x6e (110)
- [3] : 0x00 (0)
- [4] : 0x74 (116)
- [5] : 0x00 (0)
- [6] : 0x65 (101)
- [7] : 0x00 (0)
- [8] : 0x72 (114)
- [9] : 0x00 (0)
- [10] : 0x6e (110)
- [11] : 0x00 (0)
- [12] : 0x61 (97)
- [13] : 0x00 (0)
- [14] : 0x6c (108)
- [15] : 0x00 (0)
- [16] : 0x20 (32)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x65 (101)
- [21] : 0x00 (0)
- [22] : 0x72 (114)
- [23] : 0x00 (0)
- [24] : 0x76 (118)
- [25] : 0x00 (0)
- [26] : 0x69 (105)
- [27] : 0x00 (0)
- [28] : 0x63 (99)
- [29] : 0x00 (0)
- [30] : 0x65 (101)
- [31] : 0x00 (0)
- [32] : 0x20 (32)
- [33] : 0x00 (0)
- [34] : 0x70 (112)
- [35] : 0x00 (0)
- [36] : 0x72 (114)
- [37] : 0x00 (0)
- [38] : 0x6f (111)
- [39] : 0x00 (0)
- [40] : 0x76 (118)
- [41] : 0x00 (0)
- [42] : 0x69 (105)
- [43] : 0x00 (0)
- [44] : 0x64 (100)
- [45] : 0x00 (0)
- [46] : 0x69 (105)
- [47] : 0x00 (0)
- [48] : 0x6e (110)
- [49] : 0x00 (0)
- [50] : 0x67 (103)
- [51] : 0x00 (0)
- [52] : 0x20 (32)
- [53] : 0x00 (0)
- [54] : 0x72 (114)
- [55] : 0x00 (0)
- [56] : 0x65 (101)
- [57] : 0x00 (0)
- [58] : 0x6d (109)
- [59] : 0x00 (0)
- [60] : 0x6f (111)
- [61] : 0x00 (0)
- [62] : 0x74 (116)
- [63] : 0x00 (0)
- [64] : 0x65 (101)
- [65] : 0x00 (0)
- [66] : 0x20 (32)
- [67] : 0x00 (0)
- [68] : 0x61 (97)
- [69] : 0x00 (0)
- [70] : 0x63 (99)
- [71] : 0x00 (0)
- [72] : 0x63 (99)
- [73] : 0x00 (0)
- [74] : 0x65 (101)
- [75] : 0x00 (0)
- [76] : 0x73 (115)
- [77] : 0x00 (0)
- [78] : 0x73 (115)
- [79] : 0x00 (0)
- [80] : 0x20 (32)
- [81] : 0x00 (0)
- [82] : 0x74 (116)
- [83] : 0x00 (0)
- [84] : 0x6f (111)
- [85] : 0x00 (0)
- [86] : 0x20 (32)
- [87] : 0x00 (0)
- [88] : 0x74 (116)
- [89] : 0x00 (0)
- [90] : 0x68 (104)
- [91] : 0x00 (0)
- [92] : 0x65 (101)
- [93] : 0x00 (0)
- [94] : 0x20 (32)
- [95] : 0x00 (0)
- [96] : 0x53 (83)
- [97] : 0x00 (0)
- [98] : 0x61 (97)
- [99] : 0x00 (0)
- [100] : 0x6d (109)
- [101] : 0x00 (0)
- [102] : 0x62 (98)
- [103] : 0x00 (0)
- [104] : 0x61 (97)
- [105] : 0x00 (0)
- [106] : 0x20 (32)
- [107] : 0x00 (0)
- [108] : 0x72 (114)
- [109] : 0x00 (0)
- [110] : 0x65 (101)
- [111] : 0x00 (0)
- [112] : 0x67 (103)
- [113] : 0x00 (0)
- [114] : 0x69 (105)
- [115] : 0x00 (0)
- [116] : 0x73 (115)
- [117] : 0x00 (0)
- [118] : 0x74 (116)
- [119] : 0x00 (0)
- [120] : 0x72 (114)
- [121] : 0x00 (0)
- [122] : 0x79 (121)
- [123] : 0x00 (0)
- [124] : 0x00 (0)
- [125] : 0x00 (0)
- size : 0x0000007e (126)
- [2012/09/23 22:42:33.011215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.011328, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description]
- [2012/09/23 22:42:33.011385, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.011437, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.011550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-5f50-3874d2240000
- [2012/09/23 22:42:33.011722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.011826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.011928, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:33.011980, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:33.012033, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:33.012247, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0074 (116)
- name_size : 0x0074 (116)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- [2012/09/23 22:42:33.013018, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.013122, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security'
- [2012/09/23 22:42:33.013179, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.013232, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.013284, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:33.013336, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:33.013391, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.013440, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.013490, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.013540, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.013607, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.013661, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:33.013713, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.013769, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.013818, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.013869, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.013918, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.014001, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.014057, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.014108, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:33.014159, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.014214, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.014263, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.014315, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.014364, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.014445, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.014501, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.014553, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [RemoteRegistry]
- [2012/09/23 22:42:33.014604, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.014668, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:33.014719, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:33.014770, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.014820, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
- [2012/09/23 22:42:33.014894, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.014948, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Security]
- [2012/09/23 22:42:33.015000, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.015056, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
- [2012/09/23 22:42:33.015107, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
- [2012/09/23 22:42:33.015159, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.015208, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
- [2012/09/23 22:42:33.015273, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
- regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
- [2012/09/23 22:42:33.015329, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.015383, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.015488, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000008-0000-0000-5f50-3974d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:33.015748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000008-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x0012 (18)
- name_size : 0x0012 (18)
- name : *
- name : 'Security'
- type : REG_BINARY (3)
- data : *
- data: ARRAY(120)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x04 (4)
- [3] : 0x80 (128)
- [4] : 0x00 (0)
- [5] : 0x00 (0)
- [6] : 0x00 (0)
- [7] : 0x00 (0)
- [8] : 0x00 (0)
- [9] : 0x00 (0)
- [10] : 0x00 (0)
- [11] : 0x00 (0)
- [12] : 0x00 (0)
- [13] : 0x00 (0)
- [14] : 0x00 (0)
- [15] : 0x00 (0)
- [16] : 0x14 (20)
- [17] : 0x00 (0)
- [18] : 0x00 (0)
- [19] : 0x00 (0)
- [20] : 0x02 (2)
- [21] : 0x00 (0)
- [22] : 0x64 (100)
- [23] : 0x00 (0)
- [24] : 0x04 (4)
- [25] : 0x00 (0)
- [26] : 0x00 (0)
- [27] : 0x00 (0)
- [28] : 0x00 (0)
- [29] : 0x00 (0)
- [30] : 0x14 (20)
- [31] : 0x00 (0)
- [32] : 0x8d (141)
- [33] : 0x01 (1)
- [34] : 0x02 (2)
- [35] : 0x00 (0)
- [36] : 0x01 (1)
- [37] : 0x01 (1)
- [38] : 0x00 (0)
- [39] : 0x00 (0)
- [40] : 0x00 (0)
- [41] : 0x00 (0)
- [42] : 0x00 (0)
- [43] : 0x01 (1)
- [44] : 0x00 (0)
- [45] : 0x00 (0)
- [46] : 0x00 (0)
- [47] : 0x00 (0)
- [48] : 0x00 (0)
- [49] : 0x00 (0)
- [50] : 0x18 (24)
- [51] : 0x00 (0)
- [52] : 0xfd (253)
- [53] : 0x01 (1)
- [54] : 0x02 (2)
- [55] : 0x00 (0)
- [56] : 0x01 (1)
- [57] : 0x02 (2)
- [58] : 0x00 (0)
- [59] : 0x00 (0)
- [60] : 0x00 (0)
- [61] : 0x00 (0)
- [62] : 0x00 (0)
- [63] : 0x05 (5)
- [64] : 0x20 (32)
- [65] : 0x00 (0)
- [66] : 0x00 (0)
- [67] : 0x00 (0)
- [68] : 0x23 (35)
- [69] : 0x02 (2)
- [70] : 0x00 (0)
- [71] : 0x00 (0)
- [72] : 0x00 (0)
- [73] : 0x00 (0)
- [74] : 0x18 (24)
- [75] : 0x00 (0)
- [76] : 0xff (255)
- [77] : 0x01 (1)
- [78] : 0x0f (15)
- [79] : 0x00 (0)
- [80] : 0x01 (1)
- [81] : 0x02 (2)
- [82] : 0x00 (0)
- [83] : 0x00 (0)
- [84] : 0x00 (0)
- [85] : 0x00 (0)
- [86] : 0x00 (0)
- [87] : 0x05 (5)
- [88] : 0x20 (32)
- [89] : 0x00 (0)
- [90] : 0x00 (0)
- [91] : 0x00 (0)
- [92] : 0x25 (37)
- [93] : 0x02 (2)
- [94] : 0x00 (0)
- [95] : 0x00 (0)
- [96] : 0x00 (0)
- [97] : 0x00 (0)
- [98] : 0x18 (24)
- [99] : 0x00 (0)
- [100] : 0xff (255)
- [101] : 0x01 (1)
- [102] : 0x0f (15)
- [103] : 0x00 (0)
- [104] : 0x01 (1)
- [105] : 0x02 (2)
- [106] : 0x00 (0)
- [107] : 0x00 (0)
- [108] : 0x00 (0)
- [109] : 0x00 (0)
- [110] : 0x00 (0)
- [111] : 0x05 (5)
- [112] : 0x20 (32)
- [113] : 0x00 (0)
- [114] : 0x00 (0)
- [115] : 0x00 (0)
- [116] : 0x20 (32)
- [117] : 0x02 (2)
- [118] : 0x00 (0)
- [119] : 0x00 (0)
- size : 0x00000078 (120)
- [2012/09/23 22:42:33.018907, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.019010, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security]
- [2012/09/23 22:42:33.019067, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.019118, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:33.019172, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
- [2012/09/23 22:42:33.019241, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Security] len[120]
- [2012/09/23 22:42:33.019296, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.019407, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000008-0000-0000-5f50-3974d2240000
- [2012/09/23 22:42:33.019587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.019691, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.019792, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:33.019844, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:33.019896, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:33.020111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x004e (78)
- name_size : 0x004e (78)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\WINS'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_ACTION_NONE (0)
- [2012/09/23 22:42:33.020899, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.021005, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS'
- [2012/09/23 22:42:33.021061, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.021114, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.021166, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:33.021217, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:33.021272, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.021330, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.021381, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.021430, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.021497, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.021550, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:33.021602, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.021657, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.021706, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.021757, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.021806, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.021874, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.021929, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.021980, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:33.022031, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.022086, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.022135, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.022187, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.022236, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.022313, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.022368, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [WINS]
- [2012/09/23 22:42:33.022419, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.022474, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.022523, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.022575, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.022623, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.022692, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.022747, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.022850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:33.023114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x000c (12)
- name_size : 0x000c (12)
- name : *
- name : 'Start'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x02 (2)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:33.023574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.023678, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start]
- [2012/09/23 22:42:33.023733, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.023784, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:33.023836, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.023903, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Start] len[4]
- [2012/09/23 22:42:33.023970, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[Type] len[4]
- [2012/09/23 22:42:33.024027, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[2]: name[ErrorControl] len[4]
- [2012/09/23 22:42:33.024081, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[3]: name[ObjectName] len[24]
- [2012/09/23 22:42:33.024134, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[4]: name[DisplayName] len[74]
- [2012/09/23 22:42:33.024189, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[5]: name[ImagePath] len[54]
- [2012/09/23 22:42:33.024243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[6]: name[Description] len[178]
- [2012/09/23 22:42:33.024297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.024413, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x000a (10)
- name_size : 0x000a (10)
- name : *
- name : 'Type'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x10 (16)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:33.024884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.024989, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type]
- [2012/09/23 22:42:33.025043, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.025096, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.025211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x001a (26)
- name_size : 0x001a (26)
- name : *
- name : 'ErrorControl'
- type : REG_DWORD (4)
- data : *
- data: ARRAY(4)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- size : 0x00000004 (4)
- [2012/09/23 22:42:33.025673, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.025776, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl]
- [2012/09/23 22:42:33.025831, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.025883, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.025999, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x0016 (22)
- name_size : 0x0016 (22)
- name : *
- name : 'ObjectName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(24)
- [0] : 0x4c (76)
- [1] : 0x00 (0)
- [2] : 0x6f (111)
- [3] : 0x00 (0)
- [4] : 0x63 (99)
- [5] : 0x00 (0)
- [6] : 0x61 (97)
- [7] : 0x00 (0)
- [8] : 0x6c (108)
- [9] : 0x00 (0)
- [10] : 0x53 (83)
- [11] : 0x00 (0)
- [12] : 0x79 (121)
- [13] : 0x00 (0)
- [14] : 0x73 (115)
- [15] : 0x00 (0)
- [16] : 0x74 (116)
- [17] : 0x00 (0)
- [18] : 0x65 (101)
- [19] : 0x00 (0)
- [20] : 0x6d (109)
- [21] : 0x00 (0)
- [22] : 0x00 (0)
- [23] : 0x00 (0)
- size : 0x00000018 (24)
- [2012/09/23 22:42:33.026930, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.027034, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName]
- [2012/09/23 22:42:33.027089, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.027141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.027261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'DisplayName'
- type : REG_SZ (1)
- data : *
- data: ARRAY(74)
- [0] : 0x57 (87)
- [1] : 0x00 (0)
- [2] : 0x69 (105)
- [3] : 0x00 (0)
- [4] : 0x6e (110)
- [5] : 0x00 (0)
- [6] : 0x64 (100)
- [7] : 0x00 (0)
- [8] : 0x6f (111)
- [9] : 0x00 (0)
- [10] : 0x77 (119)
- [11] : 0x00 (0)
- [12] : 0x73 (115)
- [13] : 0x00 (0)
- [14] : 0x20 (32)
- [15] : 0x00 (0)
- [16] : 0x49 (73)
- [17] : 0x00 (0)
- [18] : 0x6e (110)
- [19] : 0x00 (0)
- [20] : 0x74 (116)
- [21] : 0x00 (0)
- [22] : 0x65 (101)
- [23] : 0x00 (0)
- [24] : 0x72 (114)
- [25] : 0x00 (0)
- [26] : 0x6e (110)
- [27] : 0x00 (0)
- [28] : 0x65 (101)
- [29] : 0x00 (0)
- [30] : 0x74 (116)
- [31] : 0x00 (0)
- [32] : 0x20 (32)
- [33] : 0x00 (0)
- [34] : 0x4e (78)
- [35] : 0x00 (0)
- [36] : 0x61 (97)
- [37] : 0x00 (0)
- [38] : 0x6d (109)
- [39] : 0x00 (0)
- [40] : 0x65 (101)
- [41] : 0x00 (0)
- [42] : 0x20 (32)
- [43] : 0x00 (0)
- [44] : 0x53 (83)
- [45] : 0x00 (0)
- [46] : 0x65 (101)
- [47] : 0x00 (0)
- [48] : 0x72 (114)
- [49] : 0x00 (0)
- [50] : 0x76 (118)
- [51] : 0x00 (0)
- [52] : 0x69 (105)
- [53] : 0x00 (0)
- [54] : 0x63 (99)
- [55] : 0x00 (0)
- [56] : 0x65 (101)
- [57] : 0x00 (0)
- [58] : 0x20 (32)
- [59] : 0x00 (0)
- [60] : 0x28 (40)
- [61] : 0x00 (0)
- [62] : 0x57 (87)
- [63] : 0x00 (0)
- [64] : 0x49 (73)
- [65] : 0x00 (0)
- [66] : 0x4e (78)
- [67] : 0x00 (0)
- [68] : 0x53 (83)
- [69] : 0x00 (0)
- [70] : 0x29 (41)
- [71] : 0x00 (0)
- [72] : 0x00 (0)
- [73] : 0x00 (0)
- size : 0x0000004a (74)
- [2012/09/23 22:42:33.029356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.029460, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName]
- [2012/09/23 22:42:33.029514, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.029567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.029687, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x0014 (20)
- name_size : 0x0014 (20)
- name : *
- name : 'ImagePath'
- type : REG_SZ (1)
- data : *
- data: ARRAY(54)
- [0] : 0x2f (47)
- [1] : 0x00 (0)
- [2] : 0x75 (117)
- [3] : 0x00 (0)
- [4] : 0x73 (115)
- [5] : 0x00 (0)
- [6] : 0x72 (114)
- [7] : 0x00 (0)
- [8] : 0x2f (47)
- [9] : 0x00 (0)
- [10] : 0x6c (108)
- [11] : 0x00 (0)
- [12] : 0x69 (105)
- [13] : 0x00 (0)
- [14] : 0x62 (98)
- [15] : 0x00 (0)
- [16] : 0x2f (47)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x61 (97)
- [21] : 0x00 (0)
- [22] : 0x6d (109)
- [23] : 0x00 (0)
- [24] : 0x62 (98)
- [25] : 0x00 (0)
- [26] : 0x61 (97)
- [27] : 0x00 (0)
- [28] : 0x2f (47)
- [29] : 0x00 (0)
- [30] : 0x73 (115)
- [31] : 0x00 (0)
- [32] : 0x76 (118)
- [33] : 0x00 (0)
- [34] : 0x63 (99)
- [35] : 0x00 (0)
- [36] : 0x63 (99)
- [37] : 0x00 (0)
- [38] : 0x74 (116)
- [39] : 0x00 (0)
- [40] : 0x6c (108)
- [41] : 0x00 (0)
- [42] : 0x2f (47)
- [43] : 0x00 (0)
- [44] : 0x6e (110)
- [45] : 0x00 (0)
- [46] : 0x6d (109)
- [47] : 0x00 (0)
- [48] : 0x62 (98)
- [49] : 0x00 (0)
- [50] : 0x64 (100)
- [51] : 0x00 (0)
- [52] : 0x00 (0)
- [53] : 0x00 (0)
- size : 0x00000036 (54)
- [2012/09/23 22:42:33.031335, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.031448, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath]
- [2012/09/23 22:42:33.031503, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.031555, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.031674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x0018 (24)
- name_size : 0x0018 (24)
- name : *
- name : 'Description'
- type : REG_SZ (1)
- data : *
- data: ARRAY(178)
- [0] : 0x49 (73)
- [1] : 0x00 (0)
- [2] : 0x6e (110)
- [3] : 0x00 (0)
- [4] : 0x74 (116)
- [5] : 0x00 (0)
- [6] : 0x65 (101)
- [7] : 0x00 (0)
- [8] : 0x72 (114)
- [9] : 0x00 (0)
- [10] : 0x6e (110)
- [11] : 0x00 (0)
- [12] : 0x61 (97)
- [13] : 0x00 (0)
- [14] : 0x6c (108)
- [15] : 0x00 (0)
- [16] : 0x20 (32)
- [17] : 0x00 (0)
- [18] : 0x73 (115)
- [19] : 0x00 (0)
- [20] : 0x65 (101)
- [21] : 0x00 (0)
- [22] : 0x72 (114)
- [23] : 0x00 (0)
- [24] : 0x76 (118)
- [25] : 0x00 (0)
- [26] : 0x69 (105)
- [27] : 0x00 (0)
- [28] : 0x63 (99)
- [29] : 0x00 (0)
- [30] : 0x65 (101)
- [31] : 0x00 (0)
- [32] : 0x20 (32)
- [33] : 0x00 (0)
- [34] : 0x70 (112)
- [35] : 0x00 (0)
- [36] : 0x72 (114)
- [37] : 0x00 (0)
- [38] : 0x6f (111)
- [39] : 0x00 (0)
- [40] : 0x76 (118)
- [41] : 0x00 (0)
- [42] : 0x69 (105)
- [43] : 0x00 (0)
- [44] : 0x64 (100)
- [45] : 0x00 (0)
- [46] : 0x69 (105)
- [47] : 0x00 (0)
- [48] : 0x6e (110)
- [49] : 0x00 (0)
- [50] : 0x67 (103)
- [51] : 0x00 (0)
- [52] : 0x20 (32)
- [53] : 0x00 (0)
- [54] : 0x61 (97)
- [55] : 0x00 (0)
- [56] : 0x20 (32)
- [57] : 0x00 (0)
- [58] : 0x4e (78)
- [59] : 0x00 (0)
- [60] : 0x65 (101)
- [61] : 0x00 (0)
- [62] : 0x74 (116)
- [63] : 0x00 (0)
- [64] : 0x42 (66)
- [65] : 0x00 (0)
- [66] : 0x49 (73)
- [67] : 0x00 (0)
- [68] : 0x4f (79)
- [69] : 0x00 (0)
- [70] : 0x53 (83)
- [71] : 0x00 (0)
- [72] : 0x20 (32)
- [73] : 0x00 (0)
- [74] : 0x70 (112)
- [75] : 0x00 (0)
- [76] : 0x6f (111)
- [77] : 0x00 (0)
- [78] : 0x69 (105)
- [79] : 0x00 (0)
- [80] : 0x6e (110)
- [81] : 0x00 (0)
- [82] : 0x74 (116)
- [83] : 0x00 (0)
- [84] : 0x2d (45)
- [85] : 0x00 (0)
- [86] : 0x74 (116)
- [87] : 0x00 (0)
- [88] : 0x6f (111)
- [89] : 0x00 (0)
- [90] : 0x2d (45)
- [91] : 0x00 (0)
- [92] : 0x70 (112)
- [93] : 0x00 (0)
- [94] : 0x6f (111)
- [95] : 0x00 (0)
- [96] : 0x69 (105)
- [97] : 0x00 (0)
- [98] : 0x6e (110)
- [99] : 0x00 (0)
- [100] : 0x74 (116)
- [101] : 0x00 (0)
- [102] : 0x20 (32)
- [103] : 0x00 (0)
- [104] : 0x6e (110)
- [105] : 0x00 (0)
- [106] : 0x61 (97)
- [107] : 0x00 (0)
- [108] : 0x6d (109)
- [109] : 0x00 (0)
- [110] : 0x65 (101)
- [111] : 0x00 (0)
- [112] : 0x20 (32)
- [113] : 0x00 (0)
- [114] : 0x73 (115)
- [115] : 0x00 (0)
- [116] : 0x65 (101)
- [117] : 0x00 (0)
- [118] : 0x72 (114)
- [119] : 0x00 (0)
- [120] : 0x76 (118)
- [121] : 0x00 (0)
- [122] : 0x65 (101)
- [123] : 0x00 (0)
- [124] : 0x72 (114)
- [125] : 0x00 (0)
- [126] : 0x28 (40)
- [127] : 0x00 (0)
- [128] : 0x6e (110)
- [129] : 0x00 (0)
- [130] : 0x6f (111)
- [131] : 0x00 (0)
- [132] : 0x74 (116)
- [133] : 0x00 (0)
- [134] : 0x20 (32)
- [135] : 0x00 (0)
- [136] : 0x72 (114)
- [137] : 0x00 (0)
- [138] : 0x65 (101)
- [139] : 0x00 (0)
- [140] : 0x6d (109)
- [141] : 0x00 (0)
- [142] : 0x6f (111)
- [143] : 0x00 (0)
- [144] : 0x74 (116)
- [145] : 0x00 (0)
- [146] : 0x65 (101)
- [147] : 0x00 (0)
- [148] : 0x6c (108)
- [149] : 0x00 (0)
- [150] : 0x79 (121)
- [151] : 0x00 (0)
- [152] : 0x20 (32)
- [153] : 0x00 (0)
- [154] : 0x6d (109)
- [155] : 0x00 (0)
- [156] : 0x61 (97)
- [157] : 0x00 (0)
- [158] : 0x6e (110)
- [159] : 0x00 (0)
- [160] : 0x61 (97)
- [161] : 0x00 (0)
- [162] : 0x67 (103)
- [163] : 0x00 (0)
- [164] : 0x65 (101)
- [165] : 0x00 (0)
- [166] : 0x61 (97)
- [167] : 0x00 (0)
- [168] : 0x62 (98)
- [169] : 0x00 (0)
- [170] : 0x6c (108)
- [171] : 0x00 (0)
- [172] : 0x65 (101)
- [173] : 0x00 (0)
- [174] : 0x29 (41)
- [175] : 0x00 (0)
- [176] : 0x00 (0)
- [177] : 0x00 (0)
- size : 0x000000b2 (178)
- [2012/09/23 22:42:33.036151, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.036255, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description]
- [2012/09/23 22:42:33.036318, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.036371, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.036484, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-5f50-3974d2240000
- [2012/09/23 22:42:33.036654, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.036758, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.036860, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:33.036912, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:33.036964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:33.037177, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- in: struct winreg_CreateKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-5f50-3874d2240000
- name: struct winreg_String
- name_len : 0x0060 (96)
- name_size : 0x0060 (96)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\WINS\Security'
- keyclass: struct winreg_String
- name_len : 0x0002 (2)
- name_size : 0x0002 (2)
- name : *
- name : ''
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- secdesc : NULL
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- [2012/09/23 22:42:33.037959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.038073, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
- _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security'
- [2012/09/23 22:42:33.038129, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.038183, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.038235, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:33.038287, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:33.038342, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.038391, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.038442, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.038491, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.038558, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.038611, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:33.038664, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.038720, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.038769, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.038820, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.038869, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.038937, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.038992, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.039043, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:33.039095, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.039150, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.039199, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.039251, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.039300, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.039381, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.039437, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
- [2012/09/23 22:42:33.039489, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [WINS]
- [2012/09/23 22:42:33.039540, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.039596, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.039645, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.039705, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.039755, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
- [2012/09/23 22:42:33.039825, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.039880, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Security]
- [2012/09/23 22:42:33.039932, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.039988, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
- [2012/09/23 22:42:33.040037, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
- [2012/09/23 22:42:33.040089, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.040138, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
- [2012/09/23 22:42:33.040202, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
- regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
- [2012/09/23 22:42:33.040256, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.040310, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.040414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CreateKey: struct winreg_CreateKey
- out: struct winreg_CreateKey
- new_handle : *
- new_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000a-0000-0000-5f50-3974d2240000
- action_taken : *
- action_taken : REG_OPENED_EXISTING_KEY (2)
- result : WERR_OK
- [2012/09/23 22:42:33.040702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- in: struct winreg_SetValue
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000a-0000-0000-5f50-3974d2240000
- name: struct winreg_String
- name_len : 0x0012 (18)
- name_size : 0x0012 (18)
- name : *
- name : 'Security'
- type : REG_BINARY (3)
- data : *
- data: ARRAY(120)
- [0] : 0x01 (1)
- [1] : 0x00 (0)
- [2] : 0x04 (4)
- [3] : 0x80 (128)
- [4] : 0x00 (0)
- [5] : 0x00 (0)
- [6] : 0x00 (0)
- [7] : 0x00 (0)
- [8] : 0x00 (0)
- [9] : 0x00 (0)
- [10] : 0x00 (0)
- [11] : 0x00 (0)
- [12] : 0x00 (0)
- [13] : 0x00 (0)
- [14] : 0x00 (0)
- [15] : 0x00 (0)
- [16] : 0x14 (20)
- [17] : 0x00 (0)
- [18] : 0x00 (0)
- [19] : 0x00 (0)
- [20] : 0x02 (2)
- [21] : 0x00 (0)
- [22] : 0x64 (100)
- [23] : 0x00 (0)
- [24] : 0x04 (4)
- [25] : 0x00 (0)
- [26] : 0x00 (0)
- [27] : 0x00 (0)
- [28] : 0x00 (0)
- [29] : 0x00 (0)
- [30] : 0x14 (20)
- [31] : 0x00 (0)
- [32] : 0x8d (141)
- [33] : 0x01 (1)
- [34] : 0x02 (2)
- [35] : 0x00 (0)
- [36] : 0x01 (1)
- [37] : 0x01 (1)
- [38] : 0x00 (0)
- [39] : 0x00 (0)
- [40] : 0x00 (0)
- [41] : 0x00 (0)
- [42] : 0x00 (0)
- [43] : 0x01 (1)
- [44] : 0x00 (0)
- [45] : 0x00 (0)
- [46] : 0x00 (0)
- [47] : 0x00 (0)
- [48] : 0x00 (0)
- [49] : 0x00 (0)
- [50] : 0x18 (24)
- [51] : 0x00 (0)
- [52] : 0xfd (253)
- [53] : 0x01 (1)
- [54] : 0x02 (2)
- [55] : 0x00 (0)
- [56] : 0x01 (1)
- [57] : 0x02 (2)
- [58] : 0x00 (0)
- [59] : 0x00 (0)
- [60] : 0x00 (0)
- [61] : 0x00 (0)
- [62] : 0x00 (0)
- [63] : 0x05 (5)
- [64] : 0x20 (32)
- [65] : 0x00 (0)
- [66] : 0x00 (0)
- [67] : 0x00 (0)
- [68] : 0x23 (35)
- [69] : 0x02 (2)
- [70] : 0x00 (0)
- [71] : 0x00 (0)
- [72] : 0x00 (0)
- [73] : 0x00 (0)
- [74] : 0x18 (24)
- [75] : 0x00 (0)
- [76] : 0xff (255)
- [77] : 0x01 (1)
- [78] : 0x0f (15)
- [79] : 0x00 (0)
- [80] : 0x01 (1)
- [81] : 0x02 (2)
- [82] : 0x00 (0)
- [83] : 0x00 (0)
- [84] : 0x00 (0)
- [85] : 0x00 (0)
- [86] : 0x00 (0)
- [87] : 0x05 (5)
- [88] : 0x20 (32)
- [89] : 0x00 (0)
- [90] : 0x00 (0)
- [91] : 0x00 (0)
- [92] : 0x25 (37)
- [93] : 0x02 (2)
- [94] : 0x00 (0)
- [95] : 0x00 (0)
- [96] : 0x00 (0)
- [97] : 0x00 (0)
- [98] : 0x18 (24)
- [99] : 0x00 (0)
- [100] : 0xff (255)
- [101] : 0x01 (1)
- [102] : 0x0f (15)
- [103] : 0x00 (0)
- [104] : 0x01 (1)
- [105] : 0x02 (2)
- [106] : 0x00 (0)
- [107] : 0x00 (0)
- [108] : 0x00 (0)
- [109] : 0x00 (0)
- [110] : 0x00 (0)
- [111] : 0x05 (5)
- [112] : 0x20 (32)
- [113] : 0x00 (0)
- [114] : 0x00 (0)
- [115] : 0x00 (0)
- [116] : 0x20 (32)
- [117] : 0x02 (2)
- [118] : 0x00 (0)
- [119] : 0x00 (0)
- size : 0x00000078 (120)
- [2012/09/23 22:42:33.043850, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.043954, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
- _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security]
- [2012/09/23 22:42:33.044024, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
- tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
- [2012/09/23 22:42:33.044076, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:33.044129, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
- [2012/09/23 22:42:33.044197, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Security] len[120]
- [2012/09/23 22:42:33.044252, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_SetValue: struct winreg_SetValue
- out: struct winreg_SetValue
- result : WERR_OK
- [2012/09/23 22:42:33.044364, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000a-0000-0000-5f50-3974d2240000
- [2012/09/23 22:42:33.044535, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.044638, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.044749, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:33.044800, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:33.044852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:33.045056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-5f50-3874d2240000
- [2012/09/23 22:42:33.045226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.045331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.045433, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:33.045485, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (3->2)
- [2012/09/23 22:42:33.045537, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:33.045739, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (2->1)
- [2012/09/23 22:42:33.045814, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg)
- Initialise the eventlog registry keys if needed.
- [2012/09/23 22:42:33.045871, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p)
- Create pipe requested \winreg
- [2012/09/23 22:42:33.045928, 10] rpc_server/rpc_handles.c:133(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg
- [2012/09/23 22:42:33.045985, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p)
- Created internal pipe \winreg (pipes_open=0)
- [2012/09/23 22:42:33.046047, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenHKLM: struct winreg_OpenHKLM
- in: struct winreg_OpenHKLM
- system_name : NULL
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- [2012/09/23 22:42:33.046344, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [HKLM]
- [2012/09/23 22:42:33.046396, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (1->2)
- [2012/09/23 22:42:33.046451, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM]
- [2012/09/23 22:42:33.046507, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM]
- [2012/09/23 22:42:33.046559, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.046607, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM]
- [2012/09/23 22:42:33.046678, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.046783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenHKLM: struct winreg_OpenHKLM
- out: struct winreg_OpenHKLM
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000b-0000-0000-5f50-3974d2240000
- result : WERR_OK
- [2012/09/23 22:42:33.046990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenKey: struct winreg_OpenKey
- in: struct winreg_OpenKey
- parent_handle : *
- parent_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000b-0000-0000-5f50-3974d2240000
- keyname: struct winreg_String
- name_len : 0x0056 (86)
- name_size : 0x0056 (86)
- name : *
- name : 'SYSTEM\CurrentControlSet\Services\Eventlog'
- options : 0x00000000 (0)
- 0: REG_OPTION_VOLATILE
- 0: REG_OPTION_CREATE_LINK
- 0: REG_OPTION_BACKUP_RESTORE
- 0: REG_OPTION_OPEN_LINK
- access_mask : 0x02000000 (33554432)
- 0: KEY_QUERY_VALUE
- 0: KEY_SET_VALUE
- 0: KEY_CREATE_SUB_KEY
- 0: KEY_ENUMERATE_SUB_KEYS
- 0: KEY_NOTIFY
- 0: KEY_CREATE_LINK
- 0: KEY_WOW64_64KEY
- 0: KEY_WOW64_32KEY
- [2012/09/23 22:42:33.047593, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.047699, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SYSTEM]
- [2012/09/23 22:42:33.047751, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (2->3)
- [2012/09/23 22:42:33.047806, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.047856, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.047906, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.047955, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
- [2012/09/23 22:42:33.048025, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [CurrentControlSet]
- [2012/09/23 22:42:33.048079, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:33.048134, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.048184, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.048244, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.048294, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
- [2012/09/23 22:42:33.048367, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Services]
- [2012/09/23 22:42:33.048420, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.048480, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.048530, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.048581, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.048630, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
- [2012/09/23 22:42:33.048714, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Eventlog]
- [2012/09/23 22:42:33.048768, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (5->6)
- [2012/09/23 22:42:33.048824, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.048874, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.048926, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.048975, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.049048, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (6->5)
- [2012/09/23 22:42:33.049102, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.049154, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:33.049206, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.049309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_OpenKey: struct winreg_OpenKey
- out: struct winreg_OpenKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000c-0000-0000-5f50-3974d2240000
- result : WERR_OK
- [2012/09/23 22:42:33.049518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_QueryInfoKey: struct winreg_QueryInfoKey
- in: struct winreg_QueryInfoKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000c-0000-0000-5f50-3974d2240000
- classname : *
- classname: struct winreg_String
- name_len : 0x0000 (0)
- name_size : 0x0000 (0)
- name : NULL
- [2012/09/23 22:42:33.049801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.049906, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
- fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7f0ef0501340)
- [2012/09/23 22:42:33.049968, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.050040, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DisplayName] len[20]
- [2012/09/23 22:42:33.050096, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[ErrorControl] len[4]
- [2012/09/23 22:42:33.050151, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc)
- regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.050223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_QueryInfoKey: struct winreg_QueryInfoKey
- out: struct winreg_QueryInfoKey
- classname : *
- classname: struct winreg_String
- name_len : 0x0000 (0)
- name_size : 0x0000 (0)
- name : NULL
- num_subkeys : *
- num_subkeys : 0x00000000 (0)
- max_subkeylen : *
- max_subkeylen : 0x00000000 (0)
- max_classlen : *
- max_classlen : 0x00000000 (0)
- num_values : *
- num_values : 0x00000002 (2)
- max_valnamelen : *
- max_valnamelen : 0x0000001a (26)
- max_valbufsize : *
- max_valbufsize : 0x00000014 (20)
- secdescsize : *
- secdescsize : 0x00000078 (120)
- last_changed_time : *
- last_changed_time : NTTIME(0)
- result : WERR_OK
- [2012/09/23 22:42:33.050824, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- in: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000c-0000-0000-5f50-3974d2240000
- [2012/09/23 22:42:33.050997, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.051102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
- [0010] D2 24 00 00 .$..
- [2012/09/23 22:42:33.051204, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
- Closed policy
- [2012/09/23 22:42:33.051255, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (3->2)
- [2012/09/23 22:42:33.051308, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
- winreg_CloseKey: struct winreg_CloseKey
- out: struct winreg_CloseKey
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : WERR_OK
- [2012/09/23 22:42:33.051586, 3] printing/pcap.c:138(pcap_cache_reload)
- reloading printcap cache
- [2012/09/23 22:42:33.051666, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
- Locking key 5052494E5445524C4953
- [2012/09/23 22:42:33.051726, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
- Allocated locked data 0x0x7f0ef1a0e4c0
- [2012/09/23 22:42:33.051855, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
- Unlocking key 5052494E5445524C4953
- [2012/09/23 22:42:33.051950, 3] printing/pcap.c:189(pcap_cache_reload)
- reload status: ok
- [2012/09/23 22:42:33.052047, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:42:33.052111, 10] registry/reg_init_smbconf.c:41(registry_init_smbconf)
- registry_init_smbconf called
- [2012/09/23 22:42:33.052162, 10] registry/reg_backend_db.c:504(regdb_init)
- regdb_init: incrementing refcount (2->3)
- [2012/09/23 22:42:33.052390, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
- [2012/09/23 22:42:33.052464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[Samba Printer Port] len[2]
- [2012/09/23 22:42:33.052519, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
- [2012/09/23 22:42:33.052591, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70]
- [2012/09/23 22:42:33.052646, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.052715, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DisplayName] len[20]
- [2012/09/23 22:42:33.052769, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[ErrorControl] len[4]
- [2012/09/23 22:42:33.052823, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
- regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
- [2012/09/23 22:42:33.052891, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[0]: name[DisplayName] len[20]
- [2012/09/23 22:42:33.052946, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
- regdb_unpack_values: value[1]: name[ErrorControl] len[4]
- [2012/09/23 22:42:33.053011, 10] registry/reg_cachehook.c:94(reghook_cache_add)
- reghook_cache_add: Adding ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf]
- [2012/09/23 22:42:33.053062, 8] lib/adt_tree.c:215(pathtree_add)
- pathtree_add: Enter
- [2012/09/23 22:42:33.053113, 10] lib/adt_tree.c:282(pathtree_add)
- pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree
- [2012/09/23 22:42:33.053162, 8] lib/adt_tree.c:284(pathtree_add)
- pathtree_add: Exit
- [2012/09/23 22:42:33.053212, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (3->2)
- [2012/09/23 22:42:33.053262, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (2->3)
- [2012/09/23 22:42:33.053313, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [HKLM]
- [2012/09/23 22:42:33.053363, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (3->4)
- [2012/09/23 22:42:33.053416, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM]
- [2012/09/23 22:42:33.053465, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM]
- [2012/09/23 22:42:33.053515, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.053563, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM]
- [2012/09/23 22:42:33.053633, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [SOFTWARE]
- [2012/09/23 22:42:33.053686, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.053740, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE]
- [2012/09/23 22:42:33.053789, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE]
- [2012/09/23 22:42:33.053840, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.053888, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE]
- [2012/09/23 22:42:33.053987, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [Samba]
- [2012/09/23 22:42:33.054043, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (5->6)
- [2012/09/23 22:42:33.054098, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba]
- [2012/09/23 22:42:33.054147, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE\Samba]
- [2012/09/23 22:42:33.054198, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.054246, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE\Samba]
- [2012/09/23 22:42:33.054317, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [smbconf]
- [2012/09/23 22:42:33.054370, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (6->7)
- [2012/09/23 22:42:33.054425, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf]
- [2012/09/23 22:42:33.054474, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf]
- [2012/09/23 22:42:33.054525, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.054574, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf]
- [2012/09/23 22:42:33.054643, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (7->6)
- [2012/09/23 22:42:33.054696, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (6->5)
- [2012/09/23 22:42:33.054748, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.054799, 5] param/loadparm.c:7280(process_registry_service)
- process_registry_service: service name printers
- [2012/09/23 22:42:33.054853, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [printers]
- [2012/09/23 22:42:33.054904, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.054959, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:42:33.055008, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:42:33.055059, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.055108, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:42:33.055170, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
- key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
- [2012/09/23 22:42:33.055222, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.055276, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:42:33.055328, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:42:33.055377, 10] smbd/server_reload.c:53(reload_printers)
- reloading printer services from pcap cache
- [2012/09/23 22:42:33.055439, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:42:33.055490, 5] param/loadparm.c:7280(process_registry_service)
- process_registry_service: service name printers
- [2012/09/23 22:42:33.055541, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [printers]
- [2012/09/23 22:42:33.055591, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (4->5)
- [2012/09/23 22:42:33.055645, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:42:33.055702, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:42:33.055754, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:42:33.055803, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:42:33.055865, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
- key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
- [2012/09/23 22:42:33.055917, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (5->4)
- [2012/09/23 22:42:33.055970, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:42:33.056024, 3] printing/printing.c:1673(start_background_queue)
- start_background_queue: Starting background LPQ thread
- [2012/09/23 22:42:33.056608, 5] printing/printing.c:1696(start_background_queue)
- start_background_queue: background LPQ thread started
- [2012/09/23 22:42:33.056811, 10] lib/util_sock.c:680(open_socket_in)
- bind succeeded on port 445
- [2012/09/23 22:42:33.056878, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 0
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- [2012/09/23 22:42:33.057054, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- Locking key D3240000FFFFFFFF
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- [2012/09/23 22:42:33.057165, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
- SO_RCVLOWAT = 1
- Allocated locked data 0x0x7f0ef1a09c50
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.057308, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- [2012/09/23 22:42:33.057354, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
- SO_REUSEADDR = 1
- Unlocking key D3240000FFFFFFFF
- SO_BROADCAST = 0
- TCP_NODELAY = 1
- [2012/09/23 22:42:33.057432, 5] printing/printing.c:1732(start_background_queue)
- TCP_KEEPCNT = 9
- start_background_queue: background LPQ thread waiting for messages
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.057776, 10] lib/util_sock.c:680(open_socket_in)
- bind succeeded on port 139
- [2012/09/23 22:42:33.057834, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 0
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.058202, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 1
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.058617, 10] lib/util_sock.c:680(open_socket_in)
- bind succeeded on port 445
- [2012/09/23 22:42:33.058674, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 0
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.059042, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 1
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.059462, 10] lib/util_sock.c:680(open_socket_in)
- bind succeeded on port 139
- [2012/09/23 22:42:33.059519, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 0
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.059885, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 1
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 16384
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:33.060271, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
- Locking key D2240000FFFFFFFF
- [2012/09/23 22:42:33.060329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
- Allocated locked data 0x0x7f0ef1a05600
- [2012/09/23 22:42:33.060402, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
- Unlocking key D2240000FFFFFFFF
- [2012/09/23 22:42:33.060471, 10] smbd/process.c:920(event_add_idle)
- event_add_idle: idle_evt(parent_housekeeping) 0x7f0ef1a05f60
- [2012/09/23 22:42:33.060529, 5] lib/messages.c:300(messaging_register)
- Overriding messaging pointer for type 1 - private_data=(nil)
- [2012/09/23 22:42:33.060660, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (4->3)
- [2012/09/23 22:42:33.060720, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (3->2)
- [2012/09/23 22:42:33.060771, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe)
- close_policy_by_pipe: deleted handle list for pipe \winreg
- [2012/09/23 22:42:33.060840, 2] smbd/server.c:842(smbd_parent_loop)
- waiting for connections
- [2012/09/23 22:42:39.851400, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
- Locking key D4240000FFFFFFFF
- [2012/09/23 22:42:39.851650, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
- Allocated locked data 0x0x7f0ef1a02750
- [2012/09/23 22:42:39.851764, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
- Unlocking key D4240000FFFFFFFF
- [2012/09/23 22:42:39.851879, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 1
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 23400
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:42:39.852447, 5] lib/util_sock.c:165(print_socket_options)
- Socket options:
- SO_KEEPALIVE = 1
- SO_REUSEADDR = 1
- SO_BROADCAST = 0
- TCP_NODELAY = 1
- TCP_KEEPCNT = 9
- TCP_KEEPIDLE = 7200
- TCP_KEEPINTVL = 75
- IPTOS_LOWDELAY = 0
- IPTOS_THROUGHPUT = 0
- SO_SNDBUF = 23400
- SO_RCVBUF = 87380
- SO_SNDLOWAT = 1
- SO_RCVLOWAT = 1
- SO_SNDTIMEO = 0
- SO_RCVTIMEO = 0
- TCP_QUICKACK = 1
- [2012/09/23 22:43:00.859602, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
- Locking key D4240000FFFFFFFF
- [2012/09/23 22:43:00.859755, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
- Allocated locked data 0x0x7f0ef1a05a00
- [2012/09/23 22:43:00.859853, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
- Unlocking key D4240000FFFFFFFF
- [2012/09/23 22:43:33.093287, 10] lib/events.c:221(run_events_poll)
- Running timed event "smbd_idle_event_handler" 0x7f0ef1a05f60
- [2012/09/23 22:43:33.093462, 10] smbd/process.c:863(smbd_idle_event_handler)
- smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called
- [2012/09/23 22:43:33.093568, 5] smbd/server.c:627(smbd_parent_housekeeping)
- parent housekeeping
- [2012/09/23 22:43:33.093645, 3] smbd/server.c:632(smbd_parent_housekeeping)
- Printcap cache time expired.
- [2012/09/23 22:43:33.093720, 3] printing/pcap.c:138(pcap_cache_reload)
- reloading printcap cache
- [2012/09/23 22:43:33.093817, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
- Locking key 5052494E5445524C4953
- [2012/09/23 22:43:33.093914, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
- Allocated locked data 0x0x7f0ef1a02750
- [2012/09/23 22:43:33.094038, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
- Unlocking key 5052494E5445524C4953
- [2012/09/23 22:43:33.094224, 3] printing/pcap.c:189(pcap_cache_reload)
- reload status: ok
- [2012/09/23 22:43:33.094387, 10] lib/messages_local.c:255(messaging_tdb_store)
- messaging_tdb_store:
- [2012/09/23 22:43:33.094469, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
- array: struct messaging_array
- num_messages : 0x00000001 (1)
- messages: ARRAY(1)
- messages: struct messaging_rec
- msg_version : 0x00000002 (2)
- msg_type : MSG_PRINTER_PCAP (519)
- dest: struct server_id
- pid : 0x000024d3 (9427)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- src: struct server_id
- pid : 0x000024d2 (9426)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- buf : DATA_BLOB length=0
- [2012/09/23 22:43:33.095181, 10] lib/messages_local.c:255(messaging_tdb_store)
- [2012/09/23 22:43:33.095192, 10] lib/messages_local.c:74(messaging_tdb_signal_handler)
- messaging_tdb_signal_handler: sig[10] count[1] msgs[1]
- [2012/09/23 22:43:33.095314, 10] lib/messages_local.c:466(message_dispatch)
- message_dispatch: received_messages = 1
- [2012/09/23 22:43:33.095489, 10] lib/messages_local.c:215(messaging_tdb_fetch)
- messaging_tdb_fetch:
- [2012/09/23 22:43:33.095571, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
- result: struct messaging_array
- num_messages : 0x00000001 (1)
- messages: ARRAY(1)
- messages: struct messaging_rec
- msg_version : 0x00000002 (2)
- msg_type : MSG_PRINTER_PCAP (519)
- dest: struct server_id
- pid : 0x000024d3 (9427)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- src: struct server_id
- pid : 0x000024d2 (9426)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- buf : DATA_BLOB length=0
- messaging_tdb_store:
- [2012/09/23 22:43:33.096235, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
- array: struct messaging_array
- num_messages : 0x00000001 (1)
- messages: ARRAY(1)
- messages: struct messaging_rec
- msg_version : 0x00000002 (2)
- msg_type : MSG_PRINTER_PCAP (519)
- dest: struct server_id
- pid : 0x000024d2 (9426)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- src: struct server_id
- pid : 0x000024d2 (9426)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- buf : DATA_BLOB length=0
- [2012/09/23 22:43:33.096839, 10] smbd/process.c:874(smbd_idle_event_handler)
- smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled
- [2012/09/23 22:43:33.096929, 10] lib/messages_local.c:74(messaging_tdb_signal_handler)
- messaging_tdb_signal_handler: sig[10] count[1] msgs[1]
- [2012/09/23 22:43:33.097006, 10] lib/messages_local.c:466(message_dispatch)
- message_dispatch: received_messages = 1
- [2012/09/23 22:43:33.097097, 10] lib/messages_local.c:215(messaging_tdb_fetch)
- messaging_tdb_fetch:
- [2012/09/23 22:43:33.097171, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
- result: struct messaging_array
- num_messages : 0x00000001 (1)
- messages: ARRAY(1)
- messages: struct messaging_rec
- msg_version : 0x00000002 (2)
- msg_type : MSG_PRINTER_PCAP (519)
- dest: struct server_id
- pid : 0x000024d2 (9426)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- src: struct server_id
- pid : 0x000024d2 (9426)
- vnn : 0xffffffff (4294967295)
- unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
- buf : DATA_BLOB length=0
- [2012/09/23 22:43:33.097776, 10] smbd/server.c:130(smb_pcap_updated)
- Got message saying pcap was updated. Reloading.
- [2012/09/23 22:43:33.097854, 4] smbd/sec_ctx.c:314(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
- [2012/09/23 22:43:33.097930, 5] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2012/09/23 22:43:33.098004, 5] auth/token_util.c:527(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2012/09/23 22:43:33.098124, 5] smbd/uid.c:400(change_to_root_user)
- change_to_root_user: now uid=(0,0) gid=(0,0)
- [2012/09/23 22:43:33.098221, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:43:33.098299, 5] param/loadparm.c:7280(process_registry_service)
- process_registry_service: service name printers
- [2012/09/23 22:43:33.098377, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [printers]
- [2012/09/23 22:43:33.098455, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (2->3)
- [2012/09/23 22:43:33.098540, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:43:33.098615, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:43:33.098694, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:43:33.098768, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:43:33.098868, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
- key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
- [2012/09/23 22:43:33.098947, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (3->2)
- [2012/09/23 22:43:33.099029, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:43:33.099108, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:43:33.099182, 10] smbd/server_reload.c:53(reload_printers)
- reloading printer services from pcap cache
- [2012/09/23 22:43:33.099277, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
- [2012/09/23 22:43:33.099354, 5] param/loadparm.c:7280(process_registry_service)
- process_registry_service: service name printers
- [2012/09/23 22:43:33.099444, 7] registry/reg_api.c:141(regkey_open_onelevel)
- regkey_open_onelevel: name = [printers]
- [2012/09/23 22:43:33.099521, 10] registry/reg_backend_db.c:583(regdb_open)
- regdb_open: incrementing refcount (2->3)
- [2012/09/23 22:43:33.099603, 10] registry/reg_cachehook.c:122(reghook_cache_find)
- reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:43:33.099677, 10] lib/adt_tree.c:367(pathtree_find)
- pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:43:33.099755, 10] lib/adt_tree.c:440(pathtree_find)
- pathtree_find: Exit
- [2012/09/23 22:43:33.099829, 10] registry/reg_cachehook.c:127(reghook_cache_find)
- reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
- [2012/09/23 22:43:33.099924, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
- key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
- [2012/09/23 22:43:33.100002, 10] registry/reg_backend_db.c:619(regdb_close)
- regdb_close: decrementing refcount (3->2)
- [2012/09/23 22:43:33.100084, 7] param/loadparm.c:9834(lp_servicenumber)
- lp_servicenumber: couldn't find printers
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement