[2007/04/05 12:06:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/04/05 12:06:38, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x64 [2007/04/05 12:06:38, 3] smbd/process.c:process_smb(1068) Transaction 12 of length 104 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28608 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2007/04/05 12:06:38, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . [2007/04/05 12:06:38, 3] smbd/process.c:switch_message(926) switch message SMBntcreateX (pid 22199) conn 0x46b5e0 [2007/04/05 12:06:38, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/05 12:06:38, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1983400870-1501700471-923749875-500 contains 15 SIDs SID[ 0]: S-1-5-21-1983400870-1501700471-923749875-500 SID[ 1]: S-1-22-2-0 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1 SID[ 6]: S-1-22-2-2 SID[ 7]: S-1-22-2-3 SID[ 8]: S-1-22-2-4 SID[ 9]: S-1-22-2-5 SID[ 10]: S-1-22-2-6 SID[ 11]: S-1-22-2-7 SID[ 12]: S-1-22-2-8 SID[ 13]: S-1-22-2-9 SID[ 14]: S-1-22-2-12 SE_PRIV 0x0 0x0 0x0 0x0 [2007/04/05 12:06:38, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 11 supplementary groups Group[ 0]: 0 Group[ 1]: 1 Group[ 2]: 2 Group[ 3]: 3 Group[ 4]: 4 Group[ 5]: 5 Group[ 6]: 6 Group[ 7]: 7 Group[ 8]: 8 Group[ 9]: 9 Group[ 10]: 12 [2007/04/05 12:06:38, 5] smbd/uid.c:change_to_user(265) change_to_user uid=(0,0) gid=(0,0) [2007/04/05 12:06:38, 10] smbd/nttrans.c:reply_ntcreate_and_X(492) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2007/04/05 12:06:38, 4] smbd/nttrans.c:nt_open_pipe(328) nt_open_pipe: Opening pipe \srvsvc. [2007/04/05 12:06:38, 3] smbd/nttrans.c:nt_open_pipe(349) nt_open_pipe: Known pipe srvsvc opening. [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested srvsvc (pipes_open=1) [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name samr pnum=7786 [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested srvsvc [2007/04/05 12:06:38, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2007/04/05 12:06:38, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe srvsvc (pipes_open=1) [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe srvsvc with handle 7787 (pipes_open=2) [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name srvsvc pnum=7787 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name samr pnum=7786 [2007/04/05 12:06:38, 5] smbd/nttrans.c:do_ntcreate_pipe_open(404) do_ntcreate_pipe_open: open pipe = \srvsvc [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28608 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=34560 (0x8700) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/05 12:06:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/04/05 12:06:38, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x88 [2007/04/05 12:06:38, 3] smbd/process.c:process_smb(1068) Transaction 13 of length 140 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=28672 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30599 (0x7787) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/04/05 12:06:38, 10] lib/util.c:dump_data(2249) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 î....... .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/04/05 12:06:38, 3] smbd/process.c:switch_message(926) switch message SMBwriteX (pid 22199) conn 0x46b5e0 [2007/04/05 12:06:38, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7787 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name srvsvc pnum=7787 (pipes_open=2) [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=2) [2007/04/05 12:06:38, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7787 name: srvsvc open: Yes len: 72 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0048 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/04/05 12:06:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0000 max_tsize: 10b8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0002 max_rsize: 10b8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 assoc_gid: 00000000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0008 num_contexts: 01 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000c context_id : 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000e num_transfer_syntaxes: 01 [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/04/05 12:06:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 data : 4b324fc8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 data : 1670 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 data : 01d3 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0018 data : 12 78 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001a data : 5a 47 bf 6e e1 88 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 version: 00000003 [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/04/05 12:06:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0024 data : 8a885d04 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0028 data : 1ceb [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002a data : 11c9 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002c data : 9f e8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002e data : 08 00 2b 10 48 60 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 version: 00000002 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/04/05 12:06:38, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\srvsvc [2007/04/05 12:06:38, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/04/05 12:06:38, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/04/05 12:06:38, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2007/04/05 12:06:38, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2007/04/05 12:06:38, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0000 max_tsize: 10b8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0002 max_rsize: 10b8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 assoc_gid: 000053f0 [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 len: 000d [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000a str: \PIPE\ntsvcs. [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_results: 01 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001c result : 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001e reason : 0000 [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/04/05 12:06:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 data : 8a885d04 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 data : 1ceb [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 data : 11c9 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0028 data : 9f e8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002a data : 08 00 2b 10 48 60 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 version: 00000002 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/04/05 12:06:38, 3] smbd/pipes.c:reply_pipe_write_and_X(232) writeX-IPC pnum=7787 nwritten=72 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=28672 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/04/05 12:06:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/04/05 12:06:38, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x3b [2007/04/05 12:06:38, 3] smbd/process.c:process_smb(1068) Transaction 14 of length 63 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=28736 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30599 (0x7787) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/04/05 12:06:38, 3] smbd/process.c:switch_message(926) switch message SMBreadX (pid 22199) conn 0x46b5e0 [2007/04/05 12:06:38, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7787 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name srvsvc pnum=7787 (pipes_open=2) [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=2) [2007/04/05 12:06:38, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7787 name: srvsvc len: 1024 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/04/05 12:06:38, 3] smbd/pipes.c:reply_pipe_read_and_X(277) readX-IPC pnum=7787 min=1024 max=1024 nread=68 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=28736 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/04/05 12:06:38, 10] lib/util.c:dump_data(2249) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C ¸.¸.ðS.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [040] 02 00 00 00 .... [2007/04/05 12:06:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 156 [2007/04/05 12:06:38, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x9c [2007/04/05 12:06:38, 3] smbd/process.c:process_smb(1068) Transaction 15 of length 160 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28800 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30599 (0x7787) smb_bcc=89 [2007/04/05 12:06:38, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 30 00 00 00 00 00 15 00 14 EE 12 00 0D 00 00 .0...... ..î..... [030] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 4D 00 41 ........ .\.\.M.A [040] 00 49 00 4E 00 53 00 45 00 52 00 56 00 45 00 52 .I.N.S.E .R.V.E.R [050] 00 00 00 48 60 64 00 00 00 ...H`d.. . [2007/04/05 12:06:38, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:06:38, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:06:38, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2007/04/05 12:06:38, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:06:38, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:06:38, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7787 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name srvsvc pnum=7787 (pipes_open=2) [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=2) [2007/04/05 12:06:38, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "srvsvc" (pnum 7787) [2007/04/05 12:06:38, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46ef30 max_trans_reply: 1024 [2007/04/05 12:06:38, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7787 name: srvsvc open: Yes len: 72 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0048 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000030 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0015 [2007/04/05 12:06:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 67 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\srvsvc [2007/04/05 12:06:38, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO [2007/04/05 12:06:38, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[11].fn == 13fbc8 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_q_net_srv_get_info [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 ptr_srv_name : 0012ee14 [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 uni_max_len: 0000000d [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 offset : 00000000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c uni_str_len: 0000000d [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0010 buffer : \.\.M.A.I.N.S.E.R.V.E.R... [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c switch_value : 00000064 [2007/04/05 12:06:38, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1187) srv_net_srv_get_info: 1187 [2007/04/05 12:06:38, 5] rpc_parse/parse_srv.c:init_srv_info_100(2637) init_srv_info_100 [2007/04/05 12:06:38, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(2913) init_srv_r_net_srv_get_info [2007/04/05 12:06:38, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1232) srv_net_srv_get_info: 1232 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_r_net_srv_get_info [2007/04/05 12:06:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_info_ctr ctr [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 switch_value: 00000064 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 ptr_srv_ctr : 00000001 [2007/04/05 12:06:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 srv_io_info_100 sv100 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 platform_id : 000001f4 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c ptr_name : 00000001 [2007/04/05 12:06:38, 8] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_unistr2 uni_name [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 uni_max_len: 0000000b [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 offset : 00000000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 uni_str_len: 0000000b [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 001c buffer : M.A.I.N.S.E.R.V.E.R... [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_werror(826) 0034 status: WERR_OK [2007/04/05 12:06:38, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called srvsvc successfully [2007/04/05 12:06:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 156 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/04/05 12:06:38, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7787 name: srvsvc len: 1024 [2007/04/05 12:06:38, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 56. [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0050 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000038 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:06:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:06:38, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..80] [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28800 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2007/04/05 12:06:38, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... [010] 00 38 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .8...... .d...... [020] 00 F4 01 00 00 01 00 00 00 0B 00 00 00 00 00 00 .ô...... ........ [030] 00 0B 00 00 00 4D 00 41 00 49 00 4E 00 53 00 45 .....M.A .I.N.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 00 00 00 00 00 .R.V.E.R ........ [050] 00 . [2007/04/05 12:06:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/04/05 12:06:38, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x29 [2007/04/05 12:06:38, 3] smbd/process.c:process_smb(1068) Transaction 16 of length 45 [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=28864 smt_wct=3 smb_vwv[ 0]=30599 (0x7787) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/04/05 12:06:38, 3] smbd/process.c:switch_message(926) switch message SMBclose (pid 22199) conn 0x46b5e0 [2007/04/05 12:06:38, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7787 [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name srvsvc pnum=7787 (pipes_open=2) [2007/04/05 12:06:38, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=2) [2007/04/05 12:06:38, 5] smbd/pipes.c:reply_pipe_close(297) reply_pipe_close: pnum:7787 [2007/04/05 12:06:38, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe srvsvc [2007/04/05 12:06:38, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name srvsvc pnum=7787 (pipes_open=1) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(484) [2007/04/05 12:06:38, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=28864 smt_wct=0 smb_bcc=0 [2007/04/05 12:07:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 178 [2007/04/05 12:07:05, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xb2 [2007/04/05 12:07:05, 3] smbd/process.c:process_smb(1068) Transaction 17 of length 182 [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28928 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=111 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 5E 00 00 00 2F 00 00 ........ .^.../.. [020] 00 46 00 00 00 00 00 11 00 00 00 00 00 00 00 00 .F...... ........ [030] 2E 00 00 00 00 14 46 76 C8 6A 56 00 00 01 00 00 ......Fv ÈjV..... [040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 0E 00 10 .è...... ........ [050] 00 D0 9D 32 00 08 00 00 00 00 00 00 00 07 00 00 .Ð.2.... ........ [060] 00 62 00 6F 00 75 00 62 00 6F 00 75 00 32 00 .b.o.u.b .o.u.2. [2007/04/05 12:07:05, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:05, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=94 params=0 setup=2 [2007/04/05 12:07:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:05, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 94 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 94 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 78 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 005e [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000002f [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 78 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 78, incoming data = 78 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000046 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0011 [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES [2007/04/05 12:07:05, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[19].fn == 16c30c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_names [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 2e000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 76 c8 6a 56 00 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 num_names1: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 flags : 000003e8 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c ptr : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 num_names2: 00000001 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unihdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 uni_str_len: 000e [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 uni_max_len: 0010 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 buffer : 00329dd0 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c uni_max_len: 00000008 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 offset : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 uni_str_len: 00000007 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0038 buffer : b.o.u.b.o.u.2. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1484) _samr_lookup_names: 1484 [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(176) Policy not found: [000] 00 00 00 00 2E 00 00 00 00 00 00 00 14 46 76 C8 ........ .....FvÈ [010] 6A 56 00 00 jV.. [2007/04/05 12:07:05, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4893) init_samr_r_lookup_names [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_names [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 num_rids1: 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 ptr_rids : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 num_types1: 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c ptr_types : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0010 status: NT_STATUS_OBJECT_TYPE_MISMATCH [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2293) api_rpcTNP: bad handle fault return. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 23 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0020 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000002f [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(795) 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c reserved: 00000000 [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 40 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 78 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2007/04/05 12:07:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28928 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 2F 00 00 ....#... . .../.. [010] 00 00 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 ........ ........ [020] 00 . [2007/04/05 12:07:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 172 [2007/04/05 12:07:05, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xac [2007/04/05 12:07:05, 3] smbd/process.c:process_smb(1068) Transaction 18 of length 176 [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28992 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=105 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 30 00 00 ........ .X...0.. [020] 00 40 00 00 00 00 00 40 00 38 0B 15 00 0D 00 00 .@.....@ .8...... [030] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 4D 00 41 ........ .\.\.M.A [040] 00 49 00 4E 00 53 00 45 00 52 00 56 00 45 00 52 .I.N.S.E .R.V.E.R [050] 00 00 00 32 00 30 00 00 00 01 00 00 00 01 00 00 ...2.0.. ........ [060] 00 03 00 00 00 00 00 00 00 ........ . [2007/04/05 12:07:05, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:05, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=88 params=0 setup=2 [2007/04/05 12:07:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:05, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 88 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 88 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0058 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000030 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000040 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0040 [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[49].fn == 16d994 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect5 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 ptr_srv_name: 00150b38 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 uni_max_len: 0000000d [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 offset : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c uni_str_len: 0000000d [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0010 buffer : \.\.M.A.I.N.S.E.R.V.E.R... [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c access_mask: 00000030 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 level: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 level: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0038 info1_unk1: 00000003 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 003c info1_unk2: 00000000 [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2829) _samr_connect5: 2829 [2007/04/05 12:07:05, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000030, for NT token with 15 entries and first sid S-1-5-21-1983400870-1501700471-923749875-500. [2007/04/05 12:07:05, 3] lib/util_seaccess.c:se_access_check(250) [2007/04/05 12:07:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1983400870-1501700471-923749875-500 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1 se_access_check: also S-1-22-2-2 se_access_check: also S-1-22-2-3 se_access_check: also S-1-22-2-4 se_access_check: also S-1-22-2-5 se_access_check: also S-1-22-2-6 se_access_check: also S-1-22-2-7 se_access_check: also S-1-22-2-8 se_access_check: also S-1-22-2-9 se_access_check: also S-1-22-2-12 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 [2007/04/05 12:07:05, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (30) granted. [2007/04/05 12:07:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(213) _samr_connect5: access GRANTED (requested: 0x00000030, granted: 0x00000030) [2007/04/05 12:07:05, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(329) get_samr_info_by_sid: created new info for sid (NULL) [2007/04/05 12:07:05, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(334) get_samr_info_by_sid: created new info for NULL sid. [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2861) _samr_connect: 2861 [2007/04/05 12:07:05, 5] rpc_parse/parse_samr.c:init_samr_r_connect5(7144) init_samr_q_connect5 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect5 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 level: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 level: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 info1_unk1: 00000003 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c info1_unk2: 00000000 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_pol_hnd connect_pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 data : 01000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0018 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001e data : 49 ca b7 56 00 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0024 status: NT_STATUS_OK [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 982 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 72 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0040 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000030 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000028 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..64] [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=28992 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 40 00 00 00 30 00 00 ........ .@...0.. [010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ [020] 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 01 00 00 00 00 14 46 49 CA B7 56 00 00 00 00 00 ......FI Ê·V..... [040] 00 . [2007/04/05 12:07:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/04/05 12:07:05, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x88 [2007/04/05 12:07:05, 3] smbd/process.c:process_smb(1068) Transaction 19 of length 140 [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29056 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=69 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 31 00 00 ........ .4...1.. [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 00 00 00 ........ ........ [030] 01 00 00 00 00 14 46 49 CA B7 56 00 00 00 00 00 ......FI Ê·V..... [040] 00 00 20 00 00 .. .. [2007/04/05 12:07:05, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:05, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=52 params=0 setup=2 [2007/04/05 12:07:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:05, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 52 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 52 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0034 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000031 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 0000001c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0006 [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2007/04/05 12:07:05, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 16dd84 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_enum_domains [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 01000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 start_idx: 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 max_size : 00002000 [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(225) _samr_enum_domains: access check ((granted: 0000000030; required: 0000000010) [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2922) make_enum_domains [2007/04/05 12:07:05, 10] rpc_parse/parse_samr.c:init_sam_entry(1400) init_sam_entry: 0 [2007/04/05 12:07:05, 10] rpc_parse/parse_samr.c:init_sam_entry(1400) init_sam_entry: 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3282) init_samr_r_enum_domains [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_enum_domains [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 next_idx : 00000002 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 ptr_entries1: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 num_entries2: 00000002 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c ptr_entries2: 00000001 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 num_entries3: 00000002 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 sam_io_sam_entry dom[0] [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 rid: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_unihdr unihdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0018 uni_str_len: 000c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001a uni_max_len: 000c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c buffer : 00000001 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 sam_io_sam_entry dom[1] [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 rid: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unihdr unihdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 uni_str_len: 000e [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 uni_max_len: 000e [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 buffer : 00000001 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 dom[0] [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c uni_max_len: 00000006 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 offset : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 uni_str_len: 00000006 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0038 buffer : D.O.M.A.I.N. [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_unistr2 dom[1] [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0044 uni_max_len: 00000007 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0048 offset : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 004c uni_str_len: 00000007 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0050 buffer : B.u.i.l.t.i.n. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0060 num_entries4: 00000002 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0064 status: NT_STATUS_OK [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 86 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 36 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 104. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0080 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000031 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000068 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..128] [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29056 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 128 (0x80) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 80 00 00 00 31 00 00 ........ .....1.. [010] 00 68 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .h...... ........ [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ [030] 00 0C 00 0C 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ [040] 00 01 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [050] 00 44 00 4F 00 4D 00 41 00 49 00 4E 00 07 00 00 .D.O.M.A .I.N.... [060] 00 00 00 00 00 07 00 00 00 42 00 75 00 69 00 6C ........ .B.u.i.l [070] 00 74 00 69 00 6E 00 00 00 02 00 00 00 00 00 00 .t.i.n.. ........ [080] 00 . [2007/04/05 12:07:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2007/04/05 12:07:05, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa0 [2007/04/05 12:07:05, 3] smbd/process.c:process_smb(1068) Transaction 20 of length 164 [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29120 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=93 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 32 00 00 ........ .L...2.. [020] 00 34 00 00 00 00 00 05 00 00 00 00 00 00 00 00 .4...... ........ [030] 01 00 00 00 00 14 46 49 CA B7 56 00 00 0C 00 0C ......FI Ê·V..... [040] 00 E0 18 15 00 06 00 00 00 00 00 00 00 06 00 00 .à...... ........ [050] 00 44 00 4F 00 4D 00 41 00 49 00 4E 00 .D.O.M.A .I.N. [2007/04/05 12:07:05, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:05, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=76 params=0 setup=2 [2007/04/05 12:07:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:05, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 76 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 004c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000032 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000034 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0005 [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2007/04/05 12:07:05, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[41].fn == 16db80 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_domain [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd connect_pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 01000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_domain [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 uni_str_len: 000c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 uni_max_len: 000c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 buffer : 001518e0 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_domain [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c uni_max_len: 00000006 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 offset : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0024 uni_str_len: 00000006 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0028 buffer : D.O.M.A.I.N. [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(225) _samr_lookup_domain: access check ((granted: 0000000030; required: 0000000020) [2007/04/05 12:07:05, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2904) Returning domain sid for domain DOMAIN -> S-1-5-21-1983400870-1501700471-923749875 [2007/04/05 12:07:05, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(136) init_samr_r_lookup_domain [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_domain [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 ptr: 00000001 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_dom_sid2 sid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 num_auths: 00000004 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_dom_sid sid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0008 sid_rev_num: 01 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0009 num_auths : 04 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000a id_auth[0] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000b id_auth[1] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000c id_auth[2] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000d id_auth[3] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000e id_auth[4] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 000f id_auth[5] : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32s(993) 0010 sub_auths : 00000015 76384ba6 59822177 370f4df3 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0020 status: NT_STATUS_OK [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 12 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 60 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 003c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000032 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000024 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29120 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 32 00 00 ........ .<...2.. [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 A6 4B 38 ........ .....¦K8 [030] 76 77 21 82 59 F3 4D 0F 37 00 00 00 00 vw!.YóM. 7.... [2007/04/05 12:07:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2007/04/05 12:07:05, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa0 [2007/04/05 12:07:05, 3] smbd/process.c:process_smb(1068) Transaction 21 of length 164 [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29184 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=93 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 33 00 00 ........ .L...3.. [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 00 00 00 .4...... ........ [030] 01 00 00 00 00 14 46 49 CA B7 56 00 00 20 02 00 ......FI Ê·V.. .. [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 A6 4B 38 76 77 21 82 59 F3 4D 0F 37 .¦K8vw!. YóM.7 [2007/04/05 12:07:05, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:05, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=76 params=0 setup=2 [2007/04/05 12:07:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:05, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 76 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 004c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000033 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000034 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0007 [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2007/04/05 12:07:05, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[39].fn == 16b214 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 01000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 flags: 00000220 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_dom_sid2 sid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 num_auths: 00000004 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_dom_sid sid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001c sid_rev_num: 01 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001d num_auths : 04 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e id_auth[0] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001f id_auth[1] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0020 id_auth[2] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0021 id_auth[3] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0022 id_auth[4] : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0023 id_auth[5] : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32s(993) 0024 sub_auths : 00000015 76384ba6 59822177 370f4df3 [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(225) _samr_open_domain: access check ((granted: 0000000030; required: 0000000020) [2007/04/05 12:07:05, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000220, for NT token with 15 entries and first sid S-1-5-21-1983400870-1501700471-923749875-500. [2007/04/05 12:07:05, 3] lib/util_seaccess.c:se_access_check(250) [2007/04/05 12:07:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1983400870-1501700471-923749875-500 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1 se_access_check: also S-1-22-2-2 se_access_check: also S-1-22-2-3 se_access_check: also S-1-22-2-4 se_access_check: also S-1-22-2-5 se_access_check: also S-1-22-2-6 se_access_check: also S-1-22-2-7 se_access_check: also S-1-22-2-8 se_access_check: also S-1-22-2-9 se_access_check: also S-1-22-2-12 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 220 se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f07ff, current desired = 20 se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-548 mask = f07ff, current desired = 20 se_access_check: ACE 3: type 0, flags = 0x00, SID = S-1-5-21-1983400870-1501700471-923749875-512 mask = f07ff, current desired = 20 [2007/04/05 12:07:05, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (220) denied. [2007/04/05 12:07:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(195) _samr_open_domain: ACCESS should be DENIED (requested: 0000000220) but overritten by euid == sec_initial_uid() [2007/04/05 12:07:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(213) _samr_open_domain: access GRANTED (requested: 0x00000220, granted: 0x000d067a) [2007/04/05 12:07:05, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(329) get_samr_info_by_sid: created new info for sid S-1-5-21-1983400870-1501700471-923749875 [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(633) samr_open_domain: 633 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 02000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 956 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 60 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000033 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29184 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 33 00 00 ........ .0...3.. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 02 00 00 00 00 14 46 49 CA B7 56 00 00 00 00 00 ......FI Ê·V..... [030] 00 . [2007/04/05 12:07:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 168 [2007/04/05 12:07:05, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa8 [2007/04/05 12:07:05, 3] smbd/process.c:process_smb(1068) Transaction 22 of length 172 [2007/04/05 12:07:05, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:05, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29248 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=101 [2007/04/05 12:07:05, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 34 00 00 ........ .T...4.. [020] 00 3C 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 .<...... ........ [030] 02 00 00 00 00 14 46 49 CA B7 56 00 00 0E 00 10 ......FI Ê·V..... [040] 00 D8 A3 32 00 08 00 00 00 00 00 00 00 07 00 00 .Ø£2.... ........ [050] 00 62 00 6F 00 75 00 62 00 6F 00 75 00 32 00 00 .b.o.u.b .o.u.2.. [060] 00 02 00 01 00 ..... [2007/04/05 12:07:05, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:05, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=84 params=0 setup=2 [2007/04/05 12:07:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:05, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:05, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 84 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 84 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0054 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000034 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 [2007/04/05 12:07:05, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 0000003c [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 000a [2007/04/05 12:07:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0xa - api_rpcTNP: rpc command: SAMR_CREATE_DOM_GROUP [2007/04/05 12:07:05, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[17].fn == 16f7e8 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_create_dom_group [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:05, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 02000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_acct_desc [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 uni_str_len: 000e [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 uni_max_len: 0010 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 buffer : 0032a3d8 [2007/04/05 12:07:05, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_acct_desc [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c uni_max_len: 00000008 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 offset : 00000000 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0024 uni_str_len: 00000007 [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0028 buffer : b.o.u.b.o.u.2. [2007/04/05 12:07:05, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0038 access: 00010002 [2007/04/05 12:07:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(225) _samr_create_dom_group: access check ((granted: 00000d067a; required: 0000000020) [2007/04/05 12:07:05, 10] rpc_server/srv_samr_nt.c:can_create(2495) Checking whether [boubou2] can be created [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/04/05 12:07:05, 3] smbd/uid.c:push_conn_ctx(350) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/04/05 12:07:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/04/05 12:07:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/04/05 12:07:05, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: boubou2 => (domain), boubou2 (name) [2007/04/05 12:07:05, 10] passdb/util_wellknown.c:lookup_wellknown_name(154) map_name_to_wellknown_sid: looking up boubou2 [2007/04/05 12:07:05, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/04/05 12:07:05, 3] smbd/uid.c:push_conn_ctx(350) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/04/05 12:07:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/04/05 12:07:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/04/05 12:07:05, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [dc=eib,dc=org], filter => [(&(uid=boubou2)(objectclass=sambaSamAccount))], scope => [2] [2007/04/05 12:07:05, 10] lib/smbldap.c:smb_ldap_setup_conn(629) smb_ldap_setup_connection: ldap://192.168.245.40:389 [2007/04/05 12:07:05, 2] lib/smbldap.c:smbldap_open_connection(785) smbldap_open_connection: connection opened [2007/04/05 12:07:05, 10] lib/smbldap.c:smbldap_connect_system(950) ldap_connect_system: Binding to ldap server ldap://192.168.245.40:389 as "cn=Directory Manager" [2007/04/05 12:07:05, 3] lib/smbldap.c:smbldap_connect_system(996) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does not support paged results [2007/04/05 12:07:05, 4] lib/smbldap.c:smbldap_open(1064) The LDAP server is succesfully connected [2007/04/05 12:07:05, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1397) ldapsam_getsampwnam: Unable to locate user [boubou2] count=0 [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/04/05 12:07:05, 3] smbd/uid.c:push_conn_ctx(350) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/04/05 12:07:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/04/05 12:07:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/04/05 12:07:05, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [ou=group,dc=eib,dc=org], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=boubou2)(cn=boubou2)))], scope => [2] [2007/04/05 12:07:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2231) ldapsam_getgroup: Did not find group [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/04/05 12:07:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/05 12:07:05, 10] rpc_server/srv_samr_nt.c:can_create(2505) boubou2 does not exist, can create it [2007/04/05 12:07:05, 10] lib/smbrun.c:setup_out_fd(46) setup_out_fd: Created tmp file /tmp/smb.29a4wR [2007/04/05 12:07:07, 3] groupdb/mapping.c:smb_create_group(233) smb_create_group: Running the command `/usr/local/bin/smbldap-tools/smbldap-groupadd -a 'boubou2'' gave 0 [2007/04/05 12:07:07, 2] lib/smbldap_util.c:smbldap_search_domain_info(256) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [dc=eib,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))], scope => [2] [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_talloc_single_attribute(317) attribute sambaNextUserRid does not exist [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_talloc_single_attribute(317) attribute sambaNextGroupRid does not exist [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_make_mod(518) smbldap_make_mod: deleting attribute |sambaNextRid| values |1014| [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_make_mod(527) smbldap_make_mod: adding attribute |sambaNextRid| value |1015| [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_modify(1376) smbldap_modify: dn => [sambaDomainName=DOMAIN,dc=eib,dc=org] [2007/04/05 12:07:07, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1501) lookup_global_sam_rid: looking up RID 1015. [2007/04/05 12:07:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/04/05 12:07:07, 3] smbd/uid.c:push_conn_ctx(350) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2007/04/05 12:07:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/04/05 12:07:07, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/04/05 12:07:07, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [dc=eib,dc=org], filter => [(&(sambaSID=S-1-5-21-1983400870-1501700471-923749875-1015)(objectclass=sambaSamAccount))], scope => [2] [2007/04/05 12:07:07, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1492) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1983400870-1501700471-923749875-1015] count=0 [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [ou=group,dc=eib,dc=org], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1983400870-1501700471-923749875-1015))], scope => [2] [2007/04/05 12:07:07, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2231) ldapsam_getgroup: Did not find group [2007/04/05 12:07:07, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [dc=eib,dc=org], filter => [(sambaSid=S-1-5-21-1983400870-1501700471-923749875-1015)], scope => [2] [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_search_ext(1181) smbldap_search_ext: base => [dc=eib,dc=org], filter => [(&(objectClass=posixGroup)(gidNumber=1018))], scope => [2] [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_make_mod(518) smbldap_make_mod: deleting attribute |sambaSid| values |S-1-5-21-1983400870-1501700471-923749875-3037| [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_make_mod(527) smbldap_make_mod: adding attribute |sambaSid| value |S-1-5-21-1983400870-1501700471-923749875-1015| [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_make_mod(502) smbldap_make_mod: attribute |sambaGroupType| not changed. [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_make_mod(502) smbldap_make_mod: attribute |displayName| not changed. [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [description] = [] [2007/04/05 12:07:07, 5] lib/smbldap.c:smbldap_modify(1376) smbldap_modify: dn => [cn=boubou2,ou=Group,dc=eib,dc=org] [2007/04/05 12:07:07, 10] lib/smbldap.c:smbldap_modify(1396) Failed to modify dn: cn=boubou2,ou=Group,dc=eib,dc=org, error: 20 (Type or value exists) () [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_create_dom_group [2007/04/05 12:07:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 00000000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 00 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 00 00 00 00 00 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 rid : 000003f7 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0018 status: NT_STATUS_ACCESS_DENIED [2007/04/05 12:07:07, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 24 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 68 [2007/04/05 12:07:07, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 28. [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0034 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000034 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000001c [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:07, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..52] [2007/04/05 12:07:07, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:07, 5] lib/util.c:show_msg(494) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29248 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 52 (0x34) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=53 [2007/04/05 12:07:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 34 00 00 00 34 00 00 ........ .4...4.. [010] 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 F7 03 00 ........ .....÷.. [030] 00 22 00 00 C0 ."..À [2007/04/05 12:07:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/04/05 12:07:07, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x80 [2007/04/05 12:07:07, 3] smbd/process.c:process_smb(1068) Transaction 23 of length 132 [2007/04/05 12:07:07, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:07, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29312 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=61 [2007/04/05 12:07:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 35 00 00 ........ .,...5.. [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ........ ........ [030] 02 00 00 00 00 14 46 49 CA B7 56 00 00 ......FI Ê·V.. [2007/04/05 12:07:07, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:07, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:07, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/04/05 12:07:07, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:07, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:07, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:07, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:07, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:07, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:07, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:07, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 44 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 002c [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000035 [2007/04/05 12:07:07, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000014 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0001 [2007/04/05 12:07:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:07, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:07, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2007/04/05 12:07:07, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 16b038 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2007/04/05 12:07:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 02000000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:07, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:07, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2007/04/05 12:07:07, 10] rpc_server/srv_samr_nt.c:free_samr_cache(350) free_samr_cache: deleting cache for SID S-1-5-21-1983400870-1501700471-923749875 [2007/04/05 12:07:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/04/05 12:07:07, 3] smbd/uid.c:push_conn_ctx(350) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2007/04/05 12:07:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/04/05 12:07:07, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/04/05 12:07:07, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/04/05 12:07:07, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/05 12:07:07, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(572) samr_reply_close_hnd: 572 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2007/04/05 12:07:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 00000000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 00 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 00 00 00 00 00 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/05 12:07:07, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/04/05 12:07:07, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000035 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:07, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/04/05 12:07:07, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29312 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/05 12:07:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 35 00 00 ........ .0...5.. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/05 12:07:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/04/05 12:07:07, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x80 [2007/04/05 12:07:07, 3] smbd/process.c:process_smb(1068) Transaction 24 of length 132 [2007/04/05 12:07:07, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:07, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29376 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30598 (0x7786) smb_bcc=61 [2007/04/05 12:07:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 36 00 00 ........ .,...6.. [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ........ ........ [030] 01 00 00 00 00 14 46 49 CA B7 56 00 00 ......FI Ê·V.. [2007/04/05 12:07:07, 3] smbd/process.c:switch_message(926) switch message SMBtrans (pid 22199) conn 0x46b5e0 [2007/04/05 12:07:07, 4] smbd/uid.c:change_to_user(181) change_to_user: Skipping user change - already user [2007/04/05 12:07:07, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/04/05 12:07:07, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/04/05 12:07:07, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/04/05 12:07:07, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/04/05 12:07:07, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=7786 [2007/04/05 12:07:07, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name samr pnum=7786 (pipes_open=1) [2007/04/05 12:07:07, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7786) [2007/04/05 12:07:07, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:46c588 max_trans_reply: 1024 [2007/04/05 12:07:07, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7786 name: samr open: Yes len: 44 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 002c [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000036 [2007/04/05 12:07:07, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 alloc_hint: 00000014 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 context_id: 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0006 opnum : 0001 [2007/04/05 12:07:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:07, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2007/04/05 12:07:07, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2007/04/05 12:07:07, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 16b038 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2007/04/05 12:07:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 01000000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 14 46 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 49 ca b7 56 00 00 [2007/04/05 12:07:07, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 14 46 49 CA ........ .....FIÊ [010] B7 56 00 00 ·V.. [2007/04/05 12:07:07, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2007/04/05 12:07:07, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(572) samr_reply_close_hnd: 572 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2007/04/05 12:07:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/05 12:07:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 00000000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 00 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 00 00 00 00 00 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/05 12:07:07, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2007/04/05 12:07:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/04/05 12:07:07, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7786 name: samr len: 1024 [2007/04/05 12:07:07, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000036 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/05 12:07:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/05 12:07:07, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/04/05 12:07:07, 5] lib/util.c:show_msg(484) [2007/04/05 12:07:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1196 smb_uid=101 smb_mid=29376 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/05 12:07:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 36 00 00 ........ .0...6.. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 .