lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for nl_User6 (nl_User6) making strings for nl_User6's user_info struct making blobs for nl_User6's user_info struct made an encrypted user_info for nl_User6 (nl_User6) check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 99 FA B4 02 ED A8 FF 93 .ú´.í¨ÿ. check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER attempting to free (and zero) a user_info structure structure was created for nl_User6 write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 214 got message type 0x0 of len 0xd6 Transaction 22 of length 218 size=214 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 214 (0xD6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=155 [000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 [020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² [030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . [040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO [050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s [060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 49 Making default auth method list for security=ADS load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe008b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 59 33 AF 40 94 67 9E E4 Y3¯@.g.ä write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 322 got message type 0x0 of len 0x142 Transaction 23 of length 326 size=322 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64832 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 322 (0x142) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 190 (0xBE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=263 [000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... [020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... [030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... [040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. [050] 6E 00 6C 00 5F 00 55 00 73 00 65 00 72 00 36 00 n.l._.U. s.e.r.6. [060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. [070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 39 1B N.2.K.P. R.O.1.9. [080] 6C DD 4C 64 F5 A4 00 00 00 00 00 00 00 00 00 00 lÝLdõ¤.. ........ [090] 00 00 00 00 00 00 FB A4 FC FD EF 24 F5 07 4F 19 ......û¤ üýï$õ.O. [0A0] 71 B8 C8 BC C9 0F B8 C6 13 58 07 64 FE D4 21 65 q¸È¼É.¸Æ .X.dþÔ!e [0B0] 38 DA E3 C1 06 FD 00 79 6D 50 81 B2 7E 2E 00 57 8ÚãÁ.ý.y mP.²~..W [0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 [0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. [100] 00 30 00 00 00 00 00 .0..... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[nl_User6] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] 0A 1E 2E 8F 0C 55 B0 A3 .....U°£ lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for nl_User6 (nl_User6) making strings for nl_User6's user_info struct making blobs for nl_User6's user_info struct made an encrypted user_info for nl_User6 (nl_User6) check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 0A 1E 2E 8F 0C 55 B0 A3 .....U°£ check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER attempting to free (and zero) a user_info structure structure was created for nl_User6 write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 214 got message type 0x0 of len 0xd6 Transaction 24 of length 218 size=214 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64896 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 214 (0xD6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=155 [000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 [020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² [030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . [040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO [050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s [060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 49 Making default auth method list for security=ADS load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe008b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] C5 99 8F 7C A1 43 A4 D2 Å..|¡C¤Ò write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 322 got message type 0x0 of len 0x142 Transaction 25 of length 326 size=322 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 322 (0x142) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 190 (0xBE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=263 [000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... [020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... [030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... [040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. [050] 6E 00 6C 00 5F 00 55 00 73 00 65 00 72 00 36 00 n.l._.U. s.e.r.6. [060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. [070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 03 91 N.2.K.P. R.O.1... [080] 27 D7 FE 35 AD 0F 00 00 00 00 00 00 00 00 00 00 '×þ5­... ........ [090] 00 00 00 00 00 00 0B 4E 02 97 EE 0B 08 02 A6 95 .......N ..î...¦. [0A0] A0 18 01 45 61 C6 1F 4C B7 52 2B CA EE D4 59 91  ..EaÆ.L ·R+ÊîÔY. [0B0] 7E 1A 87 89 4F 79 B4 B3 11 4F DE 0F BC B9 00 57 ~...Oy´³ .OÞ.¼¹.W [0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 [0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. [100] 00 30 00 00 00 00 00 .0..... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[nl_User6] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] 6C C0 7D 14 1E AB 1E 65 lÀ}..«.e lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for nl_User6 (nl_User6) making strings for nl_User6's user_info struct making blobs for nl_User6's user_info struct made an encrypted user_info for nl_User6 (nl_User6) check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 6C C0 7D 14 1E AB 1E 65 lÀ}..«.e check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER attempting to free (and zero) a user_info structure structure was created for nl_User6 write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 214 got message type 0x0 of len 0xd6 Transaction 26 of length 218 size=214 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=65024 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 214 (0xD6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=155 [000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 [020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² [030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . [040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO [050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s [060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 49 Making default auth method list for security=ADS load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe008b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 71 90 01 96 26 E4 44 AC q...&äD¬ write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 322 got message type 0x0 of len 0x142 Transaction 27 of length 326 size=322 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=65088 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 322 (0x142) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 190 (0xBE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=263 [000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... [020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... [030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... [040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. [050] 6E 00 6C 00 5F 00 55 00 73 00 65 00 72 00 36 00 n.l._.U. s.e.r.6. [060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. [070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 90 01 N.2.K.P. R.O.1... [080] 07 0B 92 EB FF BD 00 00 00 00 00 00 00 00 00 00 ...ëÿ½.. ........ [090] 00 00 00 00 00 00 10 47 14 98 54 8E 3D 7D 7E 43 .......G ..T.=}~C [0A0] 46 C2 DD E4 FE 91 92 5A 71 2B 7E D8 0B 20 79 29 FÂÝäþ..Z q+~Ø. y) [0B0] 1C F8 C7 FA F3 C8 08 03 CC EB E2 78 E4 26 00 57 .øÇúóÈ.. Ìëâxä&.W [0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 [0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. [100] 00 30 00 00 00 00 00 .0..... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[nl_User6] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] 0D 8E 52 2B DE A5 7A B9 ..R+Þ¥z¹ lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for nl_User6 (nl_User6) making strings for nl_User6's user_info struct making blobs for nl_User6's user_info struct made an encrypted user_info for nl_User6 (nl_User6) check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 0D 8E 52 2B DE A5 7A B9 ..R+Þ¥z¹ check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER attempting to free (and zero) a user_info structure structure was created for nl_User6 write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 198 got message type 0x0 of len 0xc6 Transaction 28 of length 202 size=198 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=65152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 198 (0xC6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 66 (0x42) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=139 [000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... .. 604 . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...¢" [020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... [030] 08 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .à...... ........ [040] 00 00 D6 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ..ÖW.i.n .d.o.w.s [050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 32 Making default auth method list for security=ADS load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe0088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 4F 0D 7B FD 4F 06 11 F4 O.{ýO..ô write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 322 got message type 0x0 of len 0x142 Transaction 29 of length 326 size=322 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=65216 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 322 (0x142) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 190 (0xBE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=263 [000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... [020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... [030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... [040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. [050] 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 00 n.a._.u. s.e.r.5. [060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. [070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 FB 3D N.2.K.P. R.O.1.û= [080] 3F 73 DB 14 08 85 00 00 00 00 00 00 00 00 00 00 ?sÛ..... ........ [090] 00 00 00 00 00 00 E4 17 EE 95 72 89 0B 6E 90 7A ......ä. î.r..n.z [0A0] 11 CB 76 C4 9D 21 71 8F 2C ED DD 85 78 F0 F0 0A .ËvÄ.!q. ,íÝ.xðð. [0B0] 4E 7D 46 18 40 F7 F8 01 9E 71 E2 ED F5 EE 00 57 N}F.@÷ø. .qâíõî.W [0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 [0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. [100] 00 30 00 00 00 00 00 .0..... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[na_user5] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] A9 EC EA FB 0C 3E E0 80 ©ìêû.>à. lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[na_user5] from workstation [NEWVM-WIN2KPRO1] Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for na_user5 (na_user5) making strings for na_user5's user_info struct making blobs for na_user5's user_info struct made an encrypted user_info for na_user5 (na_user5) check_ntlm_password: Checking password for unmapped user [NL]\[na_user5]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[na_user5]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] A9 EC EA FB 0C 3E E0 80 ©ìêû.>à. check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 000000 net_io_user_info3 0000 ptr_user_info : 00020004 000004 smb_io_time logon time 0004 low : 1a92c9f0 0008 high: 01c3b092 00000c smb_io_time logoff time 000c low : ffffffff 0010 high: 7fffffff 000014 smb_io_time kickoff time 0014 low : ffffffff 0018 high: 7fffffff 00001c smb_io_time last set time 001c low : 00000000 0020 high: 00000000 000024 smb_io_time can change time 0024 low : 2a69c000 0028 high: 000000c9 00002c smb_io_time must change time 002c low : ffffffff 0030 high: 7fffffff 000034 smb_io_unihdr hdr_user_name 0034 uni_str_len: 0010 0036 uni_max_len: 0012 0038 buffer : 00020008 00003c smb_io_unihdr hdr_full_name 003c uni_str_len: 0000 003e uni_max_len: 0000 0040 buffer : 00000000 000044 smb_io_unihdr hdr_logon_script 0044 uni_str_len: 0000 0046 uni_max_len: 0000 0048 buffer : 00000000 00004c smb_io_unihdr hdr_profile_path 004c uni_str_len: 0000 004e uni_max_len: 0000 0050 buffer : 00000000 000054 smb_io_unihdr hdr_home_dir 0054 uni_str_len: 0000 0056 uni_max_len: 0000 0058 buffer : 00000000 00005c smb_io_unihdr hdr_dir_drive 005c uni_str_len: 0000 005e uni_max_len: 0000 0060 buffer : 00000000 0064 logon_count : 0002 0066 bad_pw_count : 0000 0068 user_rid : 0000046e 006c group_rid : 00000201 0070 num_groups : 00000002 0074 buffer_groups : 0002000c 0078 user_flgs : 00000120 007c user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 00008c smb_io_unihdr hdr_logon_srv 008c uni_str_len: 001c 008e uni_max_len: 001e 0090 buffer : 00020010 000094 smb_io_unihdr hdr_logon_dom 0094 uni_str_len: 0018 0096 uni_max_len: 001a 0098 buffer : 00020014 009c buffer_dom_id : 00020018 00a0 padding : 00 00 00 00 00 00 00 00 79 bc 95 0f b2 dd 1e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00c8 num_other_sids: 00000000 00cc buffer_other_sids: 00000000 0000d0 smb_io_unistr2 uni_user_name 00d0 uni_max_len: 00000009 00d4 offset : 00000000 00d8 uni_str_len: 00000008 00dc buffer : n.a._.U.s.e.r.5. 0000ec smb_io_unistr2 - NULL uni_full_name 0000ec smb_io_unistr2 - NULL uni_logon_script 0000ec smb_io_unistr2 - NULL uni_profile_path 0000ec smb_io_unistr2 - NULL uni_home_dir 0000ec smb_io_unistr2 - NULL uni_dir_drive 00ec num_groups2 : 00000002 0000f0 smb_io_gid 00f0 g_rid: 00000201 00f4 attr : 00000007 0000f8 smb_io_gid 00f8 g_rid: 000023b8 00fc attr : 00000007 000100 smb_io_unistr2 uni_logon_srv 0100 uni_max_len: 0000000f 0104 offset : 00000000 0108 uni_str_len: 0000000e 010c buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C. 000128 smb_io_unistr2 uni_logon_dom 0128 uni_max_len: 0000000d 012c offset : 00000000 0130 uni_str_len: 0000000c 0134 buffer : N.O.R.T.H.A.M.E.R.I.C.A. 00014c smb_io_dom_sid2 014c num_auths: 00000004 000150 smb_io_dom_sid sid 0150 sid_rev_num: 01 0151 num_auths : 04 0152 id_auth[0] : 00 0153 id_auth[1] : 00 0154 id_auth[2] : 00 0155 id_auth[3] : 00 0156 id_auth[4] : 00 0157 id_auth[5] : 05 0158 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! fill_sam_account: located username was [NORTHAMERICA\na_user5] pdb_set_username: setting username NORTHAMERICA\na_user5, was element 11 -> now SET pdb_set_full_name: setting full name na_User5, was element 12 -> now SET pdb_set_unix_homedir: setting home dir /home/NORTHAMERICA/na_user5, was NULL element 21 -> now SET pdb_set_domain: setting domain THUNDERBIRD, was pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 from rid 79856 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 element 18 -> now SET pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 from rid 64895 Home server: thunderbird pdb_set_profile_path: setting profile path \\thunderbird\NORTHAMERICA\na_user5\profile, was Home server: thunderbird pdb_set_homedir: setting home dir \\thunderbird\NORTHAMERICA\na_user5, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was pdb_set_nt_username: setting nt username na_User5, was pdb_set_username: setting username na_User5, was NORTHAMERICA\na_user5 pdb_set_domain: setting domain NORTHAMERICA, was THUNDERBIRD pdb_set_user_sid: setting user sid S-1-5-21-2700928644-3666989044-3468193467-1134 pdb_set_group_sid: setting group sid S-1-5-21-2700928644-3666989044-3468193467-513 pdb_set_full_name: setting full name , was na_User5 pdb_set_logon_script: setting logon script , was pdb_set_profile_path: setting profile path , was \\thunderbird\NORTHAMERICA\na_user5\profile pdb_set_homedir: setting home dir , was \\thunderbird\NORTHAMERICA\na_user5 pdb_set_dir_drive: setting dir drive , was get_user_groups: winbind_getgroups(NORTHAMERICA\na_user5): result = SUCCESS UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 fetch sid from gid cache 31947 -> S-1-5-21-2700928644-3666989044-3468193467-513 fetch sid from gid cache 31956 -> S-1-5-21-2700928644-3666989044-3468193467-9144 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 check_ntlm_password: winbind authentication for user [na_user5] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [NORTHAMERICA\na_user5] succeeded check_ntlm_password: authentication for user [na_user5] -> [na_user5] -> [NORTHAMERICA\na_user5] succeeded attempting to free (and zero) a user_info structure structure was created for na_user5 Got NT session key of length 16 Got LM session key of length 16 ntlmssp_server_auth: Created NTLM2 session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH register_vuid: allocated vuid = 101 register_vuid: (39428,31947) NORTHAMERICA\na_user5 na_user5 NORTHAMERICA guest=0 User name: NORTHAMERICA\na_user5 Real name: UNIX uid 39428 is UNIX user NORTHAMERICA\na_user5, and will be vuid 101 Adding/updating homes service for user 'NORTHAMERICA\na_user5' using home directory: '/home/NORTHAMERICA/na_user5' lp_servicenumber: couldn't find homes write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 88 got message type 0x0 of len 0x58 Transaction 30 of length 92 size=88 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=65280 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=45 [000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E [010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 49 00 50 .R.B.I.R .D.\.I.P [020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. switch message SMBtconX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! Connect path is '/tmp' for service [IPC$] get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming IPC$ 0 get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 se_access_check: access (1) granted. setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) newvm-win2kpro1 (10.33.1.222) connect to service IPC$ initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=65280 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... write_socket(16,52) write_socket(16,52) wrote 52 got smb length of 100 got message type 0x0 of len 0x64 Transaction 31 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=65344 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) vfs_ChDir to /tmp reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 757b (pipes_open=1) open pipes: name srvsvc pnum=757b do_ntcreate_pipe_open: open pipe = \srvsvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=65344 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=31488 (0x7B00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 32 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=65408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30075 (0x757B) smb_bcc=89 [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 2E .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná [040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757b pipe name srvsvc pnum=757b (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 757b)api_fd_reply: p:0x422db114 max_trans_reply: 1024 write_to_pipe: 757b name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 757b name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=65408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 180 got message type 0x0 of len 0xb4 Transaction 33 of length 184 size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=65472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30075 (0x757B) smb_bcc=113 [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 2E .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 0F 00 CC 6B CF 00 0E 00 00 .H...... .ÌkÏ.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 01 00 00 00 01 00 00 00 4C D3 FA .d...... .....LÓú [060] 03 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 ........ .ÿÿÿÿ... [070] 00 . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=96 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757b pipe name srvsvc pnum=757b (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 757b)api_fd_reply: p:0x422db114 max_trans_reply: 1024 write_to_pipe: 757b name: srvsvc open: Yes len: 96 write_to_pipe: data_left = 96 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000048 0004 context_id: 0000 0006 opnum : 000f free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0xf - api_rpcTNP: rpc command: SRV_NET_SHARE_ENUM_ALL api_rpc_cmds[2].fn == 0x80fa210 000000 srv_io_q_net_share_enum 0000 ptr_srv_name: 00cf6bcc 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 00002c srv_io_srv_share_ctr share_ctr 002c info_level: 00000001 0030 switch_value: 00000001 0034 ptr_share_info: 03fad34c 0038 num_entries: 00000000 003c ptr_entries: 00000000 0040 preferred_len: ffffffff 000044 smb_io_enum_hnd enum_hnd 0044 ptr_hnd: 00000000 _srv_net_share_enum: 1343 init_srv_r_net_share_enum: 715 init_srv_share_info_ctr init_srv_share_info1: vm-source 0 init_srv_share_info1_str init_srv_share_info1: public 0 init_srv_share_info1_str init_srv_share_info1: newtest 0 init_srv_share_info1_str init_srv_share_info1: IPC$ 3 IPC Service (Samba TIP test server: ThunderBird) init_srv_share_info1_str init_srv_share_info1: ADMIN$ 3 IPC Service (Samba TIP test server: ThunderBird) init_srv_share_info1_str smb_io_enum_hnd _srv_net_share_enum: 1355 000000 srv_io_r_net_share_enum 000000 srv_io_srv_share_ctr share_ctr 0000 info_level: 00000001 0004 switch_value: 00000001 0008 ptr_share_info: 00000001 000c num_entries: 00000005 0010 ptr_entries: 00000001 0014 num_entries2: 00000005 000018 srv_io_share_info1 0018 ptr_netname: 00000001 001c type : 00000000 0020 ptr_remark : 00000001 000024 srv_io_share_info1 0024 ptr_netname: 00000001 0028 type : 00000000 002c ptr_remark : 00000001 000030 srv_io_share_info1 0030 ptr_netname: 00000001 0034 type : 00000000 0038 ptr_remark : 00000001 00003c srv_io_share_info1 003c ptr_netname: 00000001 0040 type : 00000003 0044 ptr_remark : 00000001 000048 srv_io_share_info1 0048 ptr_netname: 00000001 004c type : 00000003 0050 ptr_remark : 00000001 000054 srv_io_share_info1_str 000054 smb_io_unistr2 0054 uni_max_len: 0000000a 0058 offset : 00000000 005c uni_str_len: 0000000a 0060 buffer : v.m.-.s.o.u.r.c.e... 000074 smb_io_unistr2 0074 uni_max_len: 00000001 0078 offset : 00000000 007c uni_str_len: 00000001 0080 buffer : .. 000082 srv_io_share_info1_str 000084 smb_io_unistr2 0084 uni_max_len: 00000007 0088 offset : 00000000 008c uni_str_len: 00000007 0090 buffer : p.u.b.l.i.c... 0000a0 smb_io_unistr2 00a0 uni_max_len: 00000001 00a4 offset : 00000000 00a8 uni_str_len: 00000001 00ac buffer : .. 0000ae srv_io_share_info1_str 0000b0 smb_io_unistr2 00b0 uni_max_len: 00000008 00b4 offset : 00000000 00b8 uni_str_len: 00000008 00bc buffer : n.e.w.t.e.s.t... 0000cc smb_io_unistr2 00cc uni_max_len: 00000001 00d0 offset : 00000000 00d4 uni_str_len: 00000001 00d8 buffer : .. 0000da srv_io_share_info1_str 0000dc smb_io_unistr2 00dc uni_max_len: 00000005 00e0 offset : 00000000 00e4 uni_str_len: 00000005 00e8 buffer : I.P.C.$... 0000f4 smb_io_unistr2 00f4 uni_max_len: 00000031 00f8 offset : 00000000 00fc uni_str_len: 00000031 0100 buffer : I.P.C. .S.e.r.v.i.c.e. .(.S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d.)... 000162 srv_io_share_info1_str 000164 smb_io_unistr2 0164 uni_max_len: 00000007 0168 offset : 00000000 016c uni_str_len: 00000007 0170 buffer : A.D.M.I.N.$... 000180 smb_io_unistr2 0180 uni_max_len: 00000031 0184 offset : 00000000 0188 uni_str_len: 00000031 018c buffer : I.P.C. .S.e.r.v.i.c.e. .(.S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d.)... 01f0 total_entries: 00000005 0001f4 smb_io_enum_hnd enum_hnd 01f4 ptr_hnd: 00000000 01f8 status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 5388 write_to_pipe: data_used = 80 read_from_pipe: 757b name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 508. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0214 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 000001fc 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..532] size=588 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=65472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 532 (0x214) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 532 (0x214) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=533 [000] 00 05 00 02 03 10 00 00 00 14 02 00 00 01 00 00 ........ ........ [010] 00 FC 01 00 00 00 00 00 00 01 00 00 00 01 00 00 .ü...... ........ [020] 00 01 00 00 00 05 00 00 00 01 00 00 00 05 00 00 ........ ........ [030] 00 01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [040] 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 ........ ........ [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 01 00 00 ........ ........ [060] 00 01 00 00 00 03 00 00 00 01 00 00 00 0A 00 00 ........ ........ [070] 00 00 00 00 00 0A 00 00 00 76 00 6D 00 2D 00 73 ........ .v.m.-.s [080] 00 6F 00 75 00 72 00 63 00 65 00 00 00 01 00 00 .o.u.r.c .e...... [090] 00 00 00 00 00 01 00 00 00 00 00 00 00 07 00 00 ........ ........ [0A0] 00 00 00 00 00 07 00 00 00 70 00 75 00 62 00 6C ........ .p.u.b.l [0B0] 00 69 00 63 00 00 00 00 00 01 00 00 00 00 00 00 .i.c.... ........ [0C0] 00 01 00 00 00 00 00 00 00 08 00 00 00 00 00 00 ........ ........ [0D0] 00 08 00 00 00 6E 00 65 00 77 00 74 00 65 00 73 .....n.e .w.t.e.s [0E0] 00 74 00 00 00 01 00 00 00 00 00 00 00 01 00 00 .t...... ........ [0F0] 00 00 00 00 00 05 00 00 00 00 00 00 00 05 00 00 ........ ........ [100] 00 49 00 50 00 43 00 24 00 00 00 00 00 31 00 00 .I.P.C.$ .....1.. [110] 00 00 00 00 00 31 00 00 00 49 00 50 00 43 00 20 .....1.. .I.P.C. [120] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. [130] 00 28 00 53 00 61 00 6D 00 62 00 61 00 20 00 54 .(.S.a.m .b.a. .T [140] 00 49 00 50 00 20 00 74 00 65 00 73 00 74 00 20 .I.P. .t .e.s.t. [150] 00 73 00 65 00 72 00 76 00 65 00 72 00 3A 00 20 .s.e.r.v .e.r.:. [160] 00 54 00 68 00 75 00 6E 00 64 00 65 00 72 00 42 .T.h.u.n .d.e.r.B [170] 00 69 00 72 00 64 00 29 00 00 00 00 00 07 00 00 .i.r.d.) ........ [180] 00 00 00 00 00 07 00 00 00 41 00 44 00 4D 00 49 ........ .A.D.M.I [190] 00 4E 00 24 00 00 00 00 00 31 00 00 00 00 00 00 .N.$.... .1...... [1A0] 00 31 00 00 00 49 00 50 00 43 00 20 00 53 00 65 .1...I.P .C. .S.e [1B0] 00 72 00 76 00 69 00 63 00 65 00 20 00 28 00 53 .r.v.i.c .e. .(.S [1C0] 00 61 00 6D 00 62 00 61 00 20 00 54 00 49 00 50 .a.m.b.a . .T.I.P [1D0] 00 20 00 74 00 65 00 73 00 74 00 20 00 73 00 65 . .t.e.s .t. .s.e [1E0] 00 72 00 76 00 65 00 72 00 3A 00 20 00 54 00 68 .r.v.e.r .:. .T.h [1F0] 00 75 00 6E 00 64 00 65 00 72 00 42 00 69 00 72 .u.n.d.e .r.B.i.r write_socket(16,592) write_socket(16,592) wrote 592 got smb length of 41 got message type 0x0 of len 0x29 Transaction 34 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=0 smt_wct=3 smb_vwv[ 0]=30075 (0x757B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=757b pipe name srvsvc pnum=757b (pipes_open=1) reply_pipe_close: pnum:757b close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=757b (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=0 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 102 got message type 0x0 of len 0x66 Transaction 35 of length 106 size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=64 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [010] 00 00 00 ... switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \spoolss. nt_open_pipe: Known pipe spoolss opening. Open pipe requested spoolss (pipes_open=0) Create pipe requested spoolss init_pipe_handles: created handle list for pipe spoolss init_pipe_handles: pipe_handles ref count = 1 for pipe spoolss Created internal pipe spoolss (pipes_open=0) Opened pipe spoolss with handle 757c (pipes_open=1) open pipes: name spoolss pnum=757c do_ntcreate_pipe_open: open pipe = \spoolss size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=64 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=31744 (0x7C00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 36 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=128 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30076 (0x757C) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.Í «ï..#Eg. [040] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 «.....]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757c pipe name spoolss pnum=757c (pipes_open=1) Got API command 0x26 on pipe "spoolss" (pnum 757c)api_fd_reply: p:0x41e72db0 max_trans_reply: 1024 write_to_pipe: 757c name: spoolss open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 12345678 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\spoolss 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000e 000a str: \PIPE\spoolss. 000018 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 757c name: spoolss len: 1024 read_from_pipe: spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=128 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 \spoolss ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 286 got message type 0x0 of len 0x11e Transaction 37 of length 290 size=286 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=192 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 202 (0xCA) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 202 (0xCA) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30076 (0x757C) smb_bcc=219 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 CA 00 00 00 01 00 00 ........ .Ê...... [020] 00 B2 00 00 00 00 00 45 00 B0 8E C9 00 0E 00 00 .².....E .°.É.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .d...... ........ [060] 00 00 00 00 00 01 00 00 00 01 00 00 00 A0 F7 D5 ........ ..... ÷Õ [070] 00 1C 00 00 00 78 78 C9 00 8C F5 D5 00 93 08 00 .....xxÉ ..õÕ.... [080] 00 03 00 00 00 00 00 00 00 00 00 00 00 12 00 00 ........ ........ [090] 00 00 00 00 00 12 00 00 00 5C 00 5C 00 4E 00 45 ........ .\.\.N.E [0A0] 00 57 00 56 00 4D 00 2D 00 57 00 49 00 4E 00 32 .W.V.M.- .W.I.N.2 [0B0] 00 4B 00 50 00 52 00 4F 00 31 00 00 00 09 00 00 .K.P.R.O .1...... [0C0] 00 00 00 00 00 09 00 00 00 6E 00 6C 00 5F 00 75 ........ .n.l._.u [0D0] 00 73 00 65 00 72 00 36 00 00 00 .s.e.r.6 ... switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=202 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757c pipe name spoolss pnum=757c (pipes_open=1) Got API command 0x26 on pipe "spoolss" (pnum 757c)api_fd_reply: p:0x41e72db0 max_trans_reply: 1024 write_to_pipe: 757c name: spoolss open: Yes len: 202 write_to_pipe: data_left = 202 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 202 fill_rpc_header: data_to_copy = 202, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 186 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 186 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00ca 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 186 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 186, incoming data = 186 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 000000b2 0004 context_id: 0000 0006 opnum : 0045 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\spoolss api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX api_rpc_cmds[1].fn == 0x80ffe80 000000 spoolss_io_q_open_printer_ex 0000 printername_ptr: 00c98eb0 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 00002c spoolss_io_printer_default 002c datatype_ptr: 00000000 000030 smb_io_unistr2 - NULL datatype 000030 spoolss_io_devmode_cont 0030 size: 00000000 0034 devmode_ptr: 00000000 0038 access_required: 00000000 003c user_switch: 00000001 000040 spool_io_user_level 0040 level: 00000001 0044 ptr: 00d5f7a0 000048 0048 size: 0000001c 004c client_name_ptr: 00c97878 0050 user_name_ptr: 00d5f58c 0054 build: 00000893 0058 major: 00000003 005c minor: 00000000 0060 processor: 00000000 000064 smb_io_unistr2 0064 uni_max_len: 00000012 0068 offset : 00000000 006c uni_str_len: 00000012 0070 buffer : \.\.N.E.W.V.M.-.W.I.N.2.K.P.R.O.1... 000094 smb_io_unistr2 0094 uni_max_len: 00000009 0098 offset : 00000000 009c uni_str_len: 00000009 00a0 buffer : n.l._.u.s.e.r.6... checking name: \\thunderbird open_printer_hnd: name [\\thunderbird] Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....­&þ? [010] D6 2B 00 00 Ö+.. Setting printer type=\\thunderbird Printer is a print server Setting printer name=\\thunderbird (len=13) 1 printer handles active Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....­&þ? [010] D6 2B 00 00 Ö+.. Setting print server access = SERVER_ACCESS_ENUMERATE 000000 spoolss_io_r_open_printer_ex 000000 smb_io_pol_hnd printer handle 0000 data1: 00000000 0004 data2: 00000001 0008 data3: 0000 000a data4: 0000 000c data5: ad 26 fe 3f d6 2b 00 00 0014 status code: WERR_OK api_rpcTNP: called spoolss successfully free_pipe_context: destroying talloc pool of size 82 write_to_pipe: data_used = 186 read_from_pipe: 757c name: spoolss len: 1024 read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=192 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 AD 26 FE 3F D6 2B 00 00 00 00 00 .....­&þ ?Ö+..... [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 128 got message type 0x0 of len 0x80 Transaction 38 of length 132 size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=256 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30076 (0x757C) smb_bcc=61 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 AD 26 FE 3F D6 2B 00 00 .....­&þ ?Ö+.. switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757c pipe name spoolss pnum=757c (pipes_open=1) Got API command 0x26 on pipe "spoolss" (pnum 757c)api_fd_reply: p:0x41e72db0 max_trans_reply: 1024 write_to_pipe: 757c name: spoolss open: Yes len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 001d free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\spoolss api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER api_rpc_cmds[3].fn == 0x8100250 000000 spoolss_io_q_closeprinter 000000 smb_io_pol_hnd printer handle 0000 data1: 00000000 0004 data2: 00000001 0008 data3: 0000 000a data4: 0000 000c data5: ad 26 fe 3f d6 2b 00 00 Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....­&þ? [010] D6 2B 00 00 Ö+.. Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....­&þ? [010] D6 2B 00 00 Ö+.. Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....­&þ? [010] D6 2B 00 00 Ö+.. Closed policy 000000 spoolss_io_r_closeprinter 000000 smb_io_pol_hnd printer handle 0000 data1: 00000000 0004 data2: 00000000 0008 data3: 0000 000a data4: 0000 000c data5: 00 00 00 00 00 00 00 00 0014 status: WERR_OK api_rpcTNP: called spoolss successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 read_from_pipe: 757c name: spoolss len: 1024 read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=256 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 41 got message type 0x0 of len 0x29 Transaction 39 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=3 smb_vwv[ 0]=30076 (0x757C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=757c pipe name spoolss pnum=757c (pipes_open=1) reply_pipe_close: pnum:757c close_policy_by_pipe: deleted handle list for pipe spoolss closed pipe name spoolss pnum=757c (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 40 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=384 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] E2 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 â\.w.k.s .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \wkssvc. nt_open_pipe: Known pipe wkssvc opening. Open pipe requested wkssvc (pipes_open=0) Create pipe requested wkssvc init_pipe_handles: created handle list for pipe wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc Created internal pipe wkssvc (pipes_open=0) Opened pipe wkssvc with handle 757d (pipes_open=1) open pipes: name wkssvc pnum=757d do_ntcreate_pipe_open: open pipe = \wkssvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=384 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=32000 (0x7D00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 41 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30077 (0x757D) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ..Ðÿk.¡. 6.3FÃø~4 [040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757d pipe name wkssvc pnum=757d (pipes_open=1) Got API command 0x26 on pipe "wkssvc" (pnum 757d)api_fd_reply: p:0x4222e9c4 max_trans_reply: 1024 write_to_pipe: 757d name: wkssvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 757d name: wkssvc len: 1024 read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 156 got message type 0x0 of len 0x9c Transaction 42 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30077 (0x757D) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 30 00 00 00 00 00 00 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 64 00 00 00 .d...d.. . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757d pipe name wkssvc pnum=757d (pipes_open=1) Got API command 0x26 on pipe "wkssvc" (pnum 757d)api_fd_reply: p:0x4222e9c4 max_trans_reply: 1024 write_to_pipe: 757d name: wkssvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000030 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\wkssvc api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO api_rpc_cmds[0].fn == 0x80f5d70 000000 wks_io_q_query_info 0000 ptr_srv_name: 03ccf644 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 002c switch_value: 0064 _wks_query_info: 66 create_wks_info_100: 40 Init WKS_INFO_100: 79 init_wks_r_unknown_0: 139 _wks_query_info: 76 000000 wks_io_r_query_info 0000 switch_value: 0064 0004 ptr_1 : 00000001 000008 wks_io_wks_info_100 inf 0008 platform_id : 000001f4 000c ptr_compname: 00000001 0010 ptr_lan_grp : 00000001 0014 ver_major : 00000004 0018 ver_minor : 00000009 00001c smb_io_unistr2 001c uni_max_len: 0000000c 0020 offset : 00000000 0024 uni_str_len: 0000000c 0028 buffer : T.H.U.N.D.E.R.B.I.R.D... 000040 smb_io_unistr2 0040 uni_max_len: 0000000d 0044 offset : 00000000 0048 uni_str_len: 0000000d 004c buffer : N.O.R.T.H.A.M.E.R.I.C.A... 0068 status : NT_STATUS_OK api_rpcTNP: called wkssvc successfully free_pipe_context: destroying talloc pool of size 1104 write_to_pipe: data_used = 56 read_from_pipe: 757d name: wkssvc len: 1024 read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0084 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000006c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..132] size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 132 (0x84) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 01 00 00 ........ ........ [010] 00 6C 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .l...... .d...... [020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 .ô...... ........ [030] 00 09 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [040] 00 54 00 48 00 55 00 4E 00 44 00 45 00 52 00 42 .T.H.U.N .D.E.R.B [050] 00 49 00 52 00 44 00 00 00 0D 00 00 00 00 00 00 .I.R.D.. ........ [060] 00 0D 00 00 00 4E 00 4F 00 52 00 54 00 48 00 41 .....N.O .R.T.H.A [070] 00 4D 00 45 00 52 00 49 00 43 00 41 00 00 00 00 .M.E.R.I .C.A.... [080] 00 00 00 00 00 ..... write_socket(16,192) write_socket(16,192) wrote 192 got smb length of 41 got message type 0x0 of len 0x29 Transaction 43 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=3 smb_vwv[ 0]=30077 (0x757D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=757d pipe name wkssvc pnum=757d (pipes_open=1) reply_pipe_close: pnum:757d close_policy_by_pipe: deleted handle list for pipe wkssvc closed pipe name wkssvc pnum=757d (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 44 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=640 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 757e (pipes_open=1) open pipes: name srvsvc pnum=757e do_ntcreate_pipe_open: open pipe = \srvsvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=640 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=32256 (0x7E00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 45 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=704 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30078 (0x757E) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná [040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757e pipe name srvsvc pnum=757e (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 757e)api_fd_reply: p:0x41ef2078 max_trans_reply: 1024 write_to_pipe: 757e name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 757e name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=704 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 156 got message type 0x0 of len 0x9c Transaction 46 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=768 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30078 (0x757E) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 30 00 00 00 00 00 15 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 65 00 00 00 .d...e.. . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757e pipe name srvsvc pnum=757e (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 757e)api_fd_reply: p:0x41ef2078 max_trans_reply: 1024 write_to_pipe: 757e name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000030 0004 context_id: 0000 0006 opnum : 0015 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO api_rpc_cmds[10].fn == 0x80f9ee0 000000 srv_io_q_net_srv_get_info 0000 ptr_srv_name : 03ccf644 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 002c switch_value : 00000065 srv_net_srv_get_info: 1199 init_srv_info_101 init_srv_r_net_srv_get_info srv_net_srv_get_info: 1244 000000 srv_io_r_net_srv_get_info 000000 srv_io_info_ctr ctr 0000 switch_value: 00000065 0004 ptr_srv_ctr : 00000001 000008 srv_io_info_101 sv101 0008 platform_id : 000001f4 000c ptr_name : 00000001 0010 ver_major : 00000004 0014 ver_minor : 00000009 0018 srv_type : 00009903 001c ptr_comment : 00000001 000020 smb_io_unistr2 uni_name 0020 uni_max_len: 0000000c 0024 offset : 00000000 0028 uni_str_len: 0000000c 002c buffer : T.H.U.N.D.E.R.B.I.R.D... 000044 smb_io_unistr2 uni_comment 0044 uni_max_len: 00000023 0048 offset : 00000000 004c uni_str_len: 00000023 0050 buffer : S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d... 0098 status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 1160 write_to_pipe: data_used = 56 read_from_pipe: 757e name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 156. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00b4 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000009c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..180] size=236 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=768 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 180 (0xB4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=181 [000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 01 00 00 ........ .´...... [010] 00 9C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 ........ .e...... [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 .ô...... ........ [030] 00 03 99 00 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ [040] 00 0C 00 00 00 54 00 48 00 55 00 4E 00 44 00 45 .....T.H .U.N.D.E [050] 00 52 00 42 00 49 00 52 00 44 00 00 00 23 00 00 .R.B.I.R .D...#.. [060] 00 00 00 00 00 23 00 00 00 53 00 61 00 6D 00 62 .....#.. .S.a.m.b [070] 00 61 00 20 00 54 00 49 00 50 00 20 00 74 00 65 .a. .T.I .P. .t.e [080] 00 73 00 74 00 20 00 73 00 65 00 72 00 76 00 65 .s.t. .s .e.r.v.e [090] 00 72 00 3A 00 20 00 54 00 68 00 75 00 6E 00 64 .r.:. .T .h.u.n.d [0A0] 00 65 00 72 00 42 00 69 00 72 00 64 00 00 00 00 .e.r.B.i .r.d.... [0B0] 00 00 00 00 00 ..... write_socket(16,240) write_socket(16,240) wrote 240 got smb length of 41 got message type 0x0 of len 0x29 Transaction 47 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=3 smb_vwv[ 0]=30078 (0x757E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=757e pipe name srvsvc pnum=757e (pipes_open=1) reply_pipe_close: pnum:757e close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=757e (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 48 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \wkssvc. nt_open_pipe: Known pipe wkssvc opening. Open pipe requested wkssvc (pipes_open=0) Create pipe requested wkssvc init_pipe_handles: created handle list for pipe wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc Created internal pipe wkssvc (pipes_open=0) Opened pipe wkssvc with handle 757f (pipes_open=1) open pipes: name wkssvc pnum=757f do_ntcreate_pipe_open: open pipe = \wkssvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=896 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=32512 (0x7F00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 49 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30079 (0x757F) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ..Ðÿk.¡. 6.3FÃø~4 [040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757f pipe name wkssvc pnum=757f (pipes_open=1) Got API command 0x26 on pipe "wkssvc" (pnum 757f)api_fd_reply: p:0x41f06090 max_trans_reply: 1024 write_to_pipe: 757f name: wkssvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 757f name: wkssvc len: 1024 read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 156 got message type 0x0 of len 0x9c Transaction 50 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30079 (0x757F) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 30 00 00 00 00 00 00 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 64 00 00 00 .d...d.. . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=757f pipe name wkssvc pnum=757f (pipes_open=1) Got API command 0x26 on pipe "wkssvc" (pnum 757f)api_fd_reply: p:0x41f06090 max_trans_reply: 1024 write_to_pipe: 757f name: wkssvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000030 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\wkssvc api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO api_rpc_cmds[0].fn == 0x80f5d70 000000 wks_io_q_query_info 0000 ptr_srv_name: 03ccf644 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 002c switch_value: 0064 _wks_query_info: 66 create_wks_info_100: 40 Init WKS_INFO_100: 79 init_wks_r_unknown_0: 139 _wks_query_info: 76 000000 wks_io_r_query_info 0000 switch_value: 0064 0004 ptr_1 : 00000001 000008 wks_io_wks_info_100 inf 0008 platform_id : 000001f4 000c ptr_compname: 00000001 0010 ptr_lan_grp : 00000001 0014 ver_major : 00000004 0018 ver_minor : 00000009 00001c smb_io_unistr2 001c uni_max_len: 0000000c 0020 offset : 00000000 0024 uni_str_len: 0000000c 0028 buffer : T.H.U.N.D.E.R.B.I.R.D... 000040 smb_io_unistr2 0040 uni_max_len: 0000000d 0044 offset : 00000000 0048 uni_str_len: 0000000d 004c buffer : N.O.R.T.H.A.M.E.R.I.C.A... 0068 status : NT_STATUS_OK api_rpcTNP: called wkssvc successfully free_pipe_context: destroying talloc pool of size 1104 write_to_pipe: data_used = 56 read_from_pipe: 757f name: wkssvc len: 1024 read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0084 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000006c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..132] size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 132 (0x84) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 01 00 00 ........ ........ [010] 00 6C 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .l...... .d...... [020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 .ô...... ........ [030] 00 09 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [040] 00 54 00 48 00 55 00 4E 00 44 00 45 00 52 00 42 .T.H.U.N .D.E.R.B [050] 00 49 00 52 00 44 00 00 00 0D 00 00 00 00 00 00 .I.R.D.. ........ [060] 00 0D 00 00 00 4E 00 4F 00 52 00 54 00 48 00 41 .....N.O .R.T.H.A [070] 00 4D 00 45 00 52 00 49 00 43 00 41 00 00 00 00 .M.E.R.I .C.A.... [080] 00 00 00 00 00 ..... write_socket(16,192) write_socket(16,192) wrote 192 got smb length of 41 got message type 0x0 of len 0x29 Transaction 51 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1088 smt_wct=3 smb_vwv[ 0]=30079 (0x757F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=757f pipe name wkssvc pnum=757f (pipes_open=1) reply_pipe_close: pnum:757f close_policy_by_pipe: deleted handle list for pipe wkssvc closed pipe name wkssvc pnum=757f (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1088 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 52 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1152 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 7580 (pipes_open=1) open pipes: name srvsvc pnum=7580 do_ntcreate_pipe_open: open pipe = \srvsvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1152 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=32768 (0x8000) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 53 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1216 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30080 (0x7580) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná [040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7580 pipe name srvsvc pnum=7580 (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 7580)api_fd_reply: p:0x41b2dfd4 max_trans_reply: 1024 write_to_pipe: 7580 name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 7580 name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1216 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 156 got message type 0x0 of len 0x9c Transaction 54 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1280 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30080 (0x7580) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 30 00 00 00 00 00 15 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 65 00 00 00 .d...e.. . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7580 pipe name srvsvc pnum=7580 (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 7580)api_fd_reply: p:0x41b2dfd4 max_trans_reply: 1024 write_to_pipe: 7580 name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000030 0004 context_id: 0000 0006 opnum : 0015 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO api_rpc_cmds[10].fn == 0x80f9ee0 000000 srv_io_q_net_srv_get_info 0000 ptr_srv_name : 03ccf644 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 002c switch_value : 00000065 srv_net_srv_get_info: 1199 init_srv_info_101 init_srv_r_net_srv_get_info srv_net_srv_get_info: 1244 000000 srv_io_r_net_srv_get_info 000000 srv_io_info_ctr ctr 0000 switch_value: 00000065 0004 ptr_srv_ctr : 00000001 000008 srv_io_info_101 sv101 0008 platform_id : 000001f4 000c ptr_name : 00000001 0010 ver_major : 00000004 0014 ver_minor : 00000009 0018 srv_type : 00009903 001c ptr_comment : 00000001 000020 smb_io_unistr2 uni_name 0020 uni_max_len: 0000000c 0024 offset : 00000000 0028 uni_str_len: 0000000c 002c buffer : T.H.U.N.D.E.R.B.I.R.D... 000044 smb_io_unistr2 uni_comment 0044 uni_max_len: 00000023 0048 offset : 00000000 004c uni_str_len: 00000023 0050 buffer : S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d... 0098 status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 1160 write_to_pipe: data_used = 56 read_from_pipe: 7580 name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 156. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00b4 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000009c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..180] size=236 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1280 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 180 (0xB4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=181 [000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 01 00 00 ........ .´...... [010] 00 9C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 ........ .e...... [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 .ô...... ........ [030] 00 03 99 00 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ [040] 00 0C 00 00 00 54 00 48 00 55 00 4E 00 44 00 45 .....T.H .U.N.D.E [050] 00 52 00 42 00 49 00 52 00 44 00 00 00 23 00 00 .R.B.I.R .D...#.. [060] 00 00 00 00 00 23 00 00 00 53 00 61 00 6D 00 62 .....#.. .S.a.m.b [070] 00 61 00 20 00 54 00 49 00 50 00 20 00 74 00 65 .a. .T.I .P. .t.e [080] 00 73 00 74 00 20 00 73 00 65 00 72 00 76 00 65 .s.t. .s .e.r.v.e [090] 00 72 00 3A 00 20 00 54 00 68 00 75 00 6E 00 64 .r.:. .T .h.u.n.d [0A0] 00 65 00 72 00 42 00 69 00 72 00 64 00 00 00 00 .e.r.B.i .r.d.... [0B0] 00 00 00 00 00 ..... write_socket(16,240) write_socket(16,240) wrote 240 got smb length of 41 got message type 0x0 of len 0x29 Transaction 55 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=3 smb_vwv[ 0]=30080 (0x7580) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=7580 pipe name srvsvc pnum=7580 (pipes_open=1) reply_pipe_close: pnum:7580 close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=7580 (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 56 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1408 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \winreg. nt_open_pipe: Known pipe winreg opening. Open pipe requested winreg (pipes_open=0) Create pipe requested winreg init_pipe_handles: created handle list for pipe winreg init_pipe_handles: pipe_handles ref count = 1 for pipe winreg Created internal pipe winreg (pipes_open=0) Opened pipe winreg with handle 7581 (pipes_open=1) open pipes: name winreg pnum=7581 do_ntcreate_pipe_open: open pipe = \winreg size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1408 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=33024 (0x8100) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 57 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30081 (0x7581) smb_bcc=89 [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ..Ð.3D"ñ 1ªª..8.. [040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7581 pipe name winreg pnum=7581 (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 write_to_pipe: 7581 name: winreg open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 338cd001 0014 data : 2244 0016 data : 31f1 0018 data : aa aa 001a data : 90 00 38 00 10 03 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\winreg 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\winreg. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 7581 name: winreg len: 1024 read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 120 got message type 0x0 of len 0x78 Transaction 58 of length 124 size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1536 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30081 (0x7581) smb_bcc=53 [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 D8 F9 CC 03 E8 DC 00 ........ .ØùÌ.èÜ. [030] 00 00 00 00 02 ..... switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=36 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7581 pipe name winreg pnum=7581 (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 write_to_pipe: 7581 name: winreg open: Yes len: 36 write_to_pipe: data_left = 36 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 20 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 20 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000000c 0004 context_id: 0000 0006 opnum : 0002 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM api_rpc_cmds[3].fn == 0x80f3b50 000000 reg_io_q_open_hklm 0000 ptr : 03ccf9d8 0004 unknown_0: dce8 0006 unknown_1: 0000 0008 access_mask: 02000000 open_registry_key: name = [NULL][HKLM] reghook_cache_find: Searching for keyname [/HKLM] sorted_tree_find: Enter [/HKLM] sorted_tree_find: Exit regdb_fetch_reg_keys: Enter key => [HKLM] regdb_fetch_reg_keys: Exit [1] items Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? [010] D6 2B 00 00 Ö+.. open_registry_key: exit 000000 reg_io_r_open_hklm 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: af 26 fe 3f d6 2b 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 20 read_from_pipe: 7581 name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1536 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 AF 26 FE 3F D6 2B 00 00 00 00 00 .....¯&þ ?Ö+..... [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 228 got message type 0x0 of len 0xe4 Transaction 59 of length 232 size=228 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1600 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 144 (0x90) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30081 (0x7581) smb_bcc=161 [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ........ ........ [020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 .x...... ........ [030] 00 00 00 00 00 AF 26 FE 3F D6 2B 00 00 46 00 46 .....¯&þ ?Ö+..F.F [040] 00 EC 1B C2 6A 23 00 00 00 00 00 00 00 23 00 00 .ì.Âj#.. .....#.. [050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E [060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o [070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d [080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e [090] 00 6E 00 74 00 00 00 00 00 00 00 00 00 3F 00 0F .n.t.... .....?.. [0A0] 00 . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=144 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7581 pipe name winreg pnum=7581 (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 write_to_pipe: 7581 name: winreg open: Yes len: 144 write_to_pipe: data_left = 144 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 144 fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 128 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 128 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0090 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 128 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 128, incoming data = 128 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000078 0004 context_id: 0000 0006 opnum : 000f free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY api_rpc_cmds[1].fn == 0x80f3d30 000000 reg_io_q_entry 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: af 26 fe 3f d6 2b 00 00 000014 smb_io_unihdr 0014 uni_str_len: 0046 0016 uni_max_len: 0046 0018 buffer : 6ac21bec 00001c smb_io_unistr2 001c uni_max_len: 00000023 0020 offset : 00000000 0024 uni_str_len: 00000023 0028 buffer : S.O.F.T.W.A.R.E.\.M.i.c.r.o.s.o.f.t.\.S.c.h.e.d.u.l.i.n.g.A.g.e.n.t... 0070 unknown_0 : 00000000 0074 access_desired : 000f003f Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? [010] D6 2B 00 00 Ö+.. reg_open_entry: Enter open_registry_key: name = [HKLM][SOFTWARE\Microsoft\SchedulingAgent] reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] sorted_tree_find: Enter [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] sorted_tree_find: Exit regdb_fetch_reg_keys: Enter key => [HKLM\SOFTWARE\Microsoft\SchedulingAgent] regdb_fetch_reg_keys: tdb lookup failed to locate key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] open_registry_key: exit reg_open_entry: Exit 000000 reg_io_r_open_entry 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000000 0008 data3: 0000 000a data4: 0000 000c data5: 00 00 00 00 00 00 00 00 0014 status: NT_STATUS_NO_SUCH_FILE api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 70 write_to_pipe: data_used = 128 read_from_pipe: 7581 name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1600 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ [030] C0 À write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 128 got message type 0x0 of len 0x80 Transaction 60 of length 132 size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1664 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30081 (0x7581) smb_bcc=61 [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 AF 26 FE 3F D6 2B 00 00 .....¯&þ ?Ö+.. switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7581 pipe name winreg pnum=7581 (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 write_to_pipe: 7581 name: winreg open: Yes len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000003 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0005 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE api_rpc_cmds[0].fn == 0x80f3aa0 000000 reg_io_q_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: af 26 fe 3f d6 2b 00 00 Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? [010] D6 2B 00 00 Ö+.. Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? [010] D6 2B 00 00 Ö+.. Closed policy 000000 reg_io_r_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000000 0008 data3: 0000 000a data4: 0000 000c data5: 00 00 00 00 00 00 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 read_from_pipe: 7581 name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1664 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 41 got message type 0x0 of len 0x29 Transaction 61 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=3 smb_vwv[ 0]=30081 (0x7581) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=7581 pipe name winreg pnum=7581 (pipes_open=1) reply_pipe_close: pnum:7581 close_policy_by_pipe: deleted handle list for pipe winreg closed pipe name winreg pnum=7581 (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 214 got message type 0x0 of len 0xd6 Transaction 62 of length 218 size=214 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=1792 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 214 (0xD6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=155 [000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 [020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² [030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . [040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO [050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s [060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 49 Making default auth method list for security=ADS load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe008b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 1A 49 AD BB 57 A1 D2 92 .I­»W¡Ò. write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 250 got message type 0x0 of len 0xfa Transaction 63 of length 254 size=250 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=1856 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 250 (0xFA) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 119 (0x77) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=191 [000] A1 75 30 73 A2 71 04 6F 4E 54 4C 4D 53 53 50 00 ¡u0s¢q.o NTLMSSP. [010] 03 00 00 00 01 00 01 00 5E 00 00 00 00 00 00 00 ........ ^....... [020] 5F 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 _....... @....... [030] 40 00 00 00 1E 00 1E 00 40 00 00 00 10 00 10 00 @....... @....... [040] 5F 00 00 00 15 8A 88 60 4E 00 45 00 57 00 56 00 _......` N.E.W.V. [050] 4D 00 2D 00 57 00 49 00 4E 00 32 00 4B 00 50 00 M.-.W.I. N.2.K.P. [060] 52 00 4F 00 31 00 00 3F 99 E9 6C 8F A6 62 E2 99 R.O.1..? .él.¦bâ. [070] 5A 48 8E 55 36 73 3E 57 00 69 00 6E 00 64 00 6F ZH.U6s>W .i.n.d.o [080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [090] 00 32 00 31 00 39 00 35 00 00 00 57 00 69 00 6E .2.1.9.5 ...W.i.n [0A0] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [0B0] 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 00 .0. .5.. .0..... switch message SMBsesssetupX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[] domain=[] workstation=[NEWVM-WIN2KPRO1] len1=1 len2=0 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user []\[] from workstation [NEWVM-WIN2KPRO1] Returning valid cache entry: key = TDOM/NORTHAMERICA, value = S-1-5-21-2700928644-3666989044-3468193467, timeout = Thu Jan 8 19:58:24 2004 trusted domain NORTHAMERICA found (S-1-5-21-2700928644-3666989044-3468193467) attempting to make a user_info for () making strings for 's user_info struct making blobs for 's user_info struct made an encrypted user_info for () check_ntlm_password: Checking password for unmapped user []\[]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by random challenge is: [000] 1A 49 AD BB 57 A1 D2 92 .I­»W¡Ò. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups smbpasswd_getsampwrid: search by sid: S-1-5-21-1230831274-1854532264-3937569523-501 getsampwnam (smbpasswd): search by name: guest startsmbfilepwent_internal: opening file /usr/local/samba/private/smbpasswd getsmbfilepwent: end of file reached. endsmbfilepwent_internal: closed password file. pdb_set_username: setting username guest, was element 11 -> now SET pdb_set_full_name: setting full name guest, was element 12 -> now SET pdb_set_domain: setting domain THUNDERBIRD, was pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-501 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-501 from rid 501 pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-514 pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-514 from rid 514 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 sys_getgrouplist: user [guest] sys_getgrouplist(): disabled winbindd for group lookup [user == guest] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 UNIX token of user 31305 Primary group is 31305 and contains 2 supplementary groups Group[ 0]: 31305 Group[ 1]: 31305 gid_to_sid: winbindd 31305 -> S-1-5-21-1659004503-1957994488-839522115-1509 fetch sid from gid cache 31305 -> S-1-5-21-1659004503-1957994488-839522115-1509 NT user token of user S-1-5-21-1230831274-1854532264-3937569523-501 contains 6 SIDs SID[ 0]: S-1-5-21-1230831274-1854532264-3937569523-501 SID[ 1]: S-1-5-21-1230831274-1854532264-3937569523-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-1659004503-1957994488-839522115-1509 make_server_info_sam: made server info for user guest -> guest check_ntlm_password: guest authentication for user [] succeeded check_ntlm_password: guest authentication for user [] -> [] -> [guest] succeeded attempting to free (and zero) a user_info structure structure was created for Got NT session key of length 16 Got LM session key of length 16 ntlmssp_server_auth: Using unmodified nt session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH register_vuid: allocated vuid = 102 register_vuid: (31305,31305) guest THUNDERBIRD guest=1 User name: guest Real name: guest UNIX uid 31305 is UNIX user guest, and will be vuid 102 write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 88 got message type 0x0 of len 0x58 Transaction 64 of length 92 size=88 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1920 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=45 [000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E [010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 49 00 50 .R.B.I.R .D.\.I.P [020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. switch message SMBtconX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ Finding user guest Trying _Get_Pwnam(), username as lowercase is guest Get_Pwnam_internals did find user [guest]! Connect path is '/tmp' for service [IPC$] get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1230831274-1854532264-3937569523-501. se_access_check: user sid is S-1-5-21-1230831274-1854532264-3937569523-501 se_access_check: also S-1-5-21-1230831274-1854532264-3937569523-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-1659004503-1957994488-839522115-1509 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming IPC$ 0 get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-1230831274-1854532264-3937569523-501. se_access_check: user sid is S-1-5-21-1230831274-1854532264-3937569523-501 se_access_check: also S-1-5-21-1230831274-1854532264-3937569523-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-1659004503-1957994488-839522115-1509 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 se_access_check: access (1) granted. setting sec ctx (31305, 31305) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1230831274-1854532264-3937569523-501 contains 6 SIDs SID[ 0]: S-1-5-21-1230831274-1854532264-3937569523-501 SID[ 1]: S-1-5-21-1230831274-1854532264-3937569523-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-1659004503-1957994488-839522115-1509 UNIX token of user 31305 Primary group is 31305 and contains 2 supplementary groups Group[ 0]: 31305 Group[ 1]: 31305 change_to_user uid=(31305,31305) gid=(0,31305) newvm-win2kpro1 (10.33.1.222) connect to service IPC$ initially as user guest (uid=31305, gid=31305) (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1920 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... write_socket(16,52) write_socket(16,52) wrote 52 got smb length of 100 got message type 0x0 of len 0x64 Transaction 65 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1984 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 7582 (pipes_open=1) open pipes: name srvsvc pnum=7582 do_ntcreate_pipe_open: open pipe = \srvsvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=1984 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=33280 (0x8200) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 66 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2048 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30082 (0x7582) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná [040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7582 pipe name srvsvc pnum=7582 (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 7582)api_fd_reply: p:0x422b0250 max_trans_reply: 1024 write_to_pipe: 7582 name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 7582 name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2048 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 184 got message type 0x0 of len 0xb8 Transaction 67 of length 188 size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2112 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30082 (0x7582) smb_bcc=117 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e [010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [020] 00 4C 00 00 00 00 00 10 00 AC E1 FA 03 0E 00 00 .L...... .¬áú.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 07 00 00 00 00 00 00 00 07 00 00 .d...... ........ [060] 00 70 00 75 00 62 00 6C 00 69 00 63 00 00 00 00 .p.u.b.l .i.c.... [070] 00 01 00 00 00 ..... switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7582 pipe name srvsvc pnum=7582 (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 7582)api_fd_reply: p:0x422b0250 max_trans_reply: 1024 write_to_pipe: 7582 name: srvsvc open: Yes len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRV_NET_SHARE_GET_INFO api_rpc_cmds[7].fn == 0x80fa4b0 000000 srv_io_q_net_share_get_info 0000 ptr_srv_name: 03fae1ac 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 00002c smb_io_unistr2 002c uni_max_len: 00000007 0030 offset : 00000000 0034 uni_str_len: 00000007 0038 buffer : p.u.b.l.i.c... 0048 info_level: 00000001 _srv_net_share_get_info: 1391 init_srv_r_net_share_get_info: 737 init_srv_share_info1: public 0 init_srv_share_info1_str _srv_net_share_get_info: 1397 000000 srv_io_r_net_share_get_info 000000 srv_io_srv_share_info info 0000 switch_value : 00000001 0004 ptr_share_ctr: 00000001 000008 srv_io_share_info1 0008 ptr_netname: 00000001 000c type : 00000000 0010 ptr_remark : 00000001 000014 srv_io_share_info1_str 000014 smb_io_unistr2 0014 uni_max_len: 00000007 0018 offset : 00000000 001c uni_str_len: 00000007 0020 buffer : p.u.b.l.i.c... 000030 smb_io_unistr2 0030 uni_max_len: 00000001 0034 offset : 00000000 0038 uni_str_len: 00000001 003c buffer : .. 0040 status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 1066 write_to_pipe: data_used = 84 read_from_pipe: 7582 name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 68. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..92] size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2112 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\...... [010] 00 44 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .D...... ........ [020] 00 01 00 00 00 00 00 00 00 01 00 00 00 07 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 70 00 75 00 62 00 6C ........ .p.u.b.l [040] 00 69 00 63 00 00 00 00 00 01 00 00 00 00 00 00 .i.c.... ........ [050] 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ..... write_socket(16,152) write_socket(16,152) wrote 152 got smb length of 41 got message type 0x0 of len 0x29 Transaction 68 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2176 smt_wct=3 smb_vwv[ 0]=30082 (0x7582) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=7582 pipe name srvsvc pnum=7582 (pipes_open=1) reply_pipe_close: pnum:7582 close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=7582 (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2176 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 69 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2240 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 7583 (pipes_open=1) open pipes: name srvsvc pnum=7583 do_ntcreate_pipe_open: open pipe = \srvsvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2240 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=33536 (0x8300) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 70 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2304 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30083 (0x7583) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná [040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7583 pipe name srvsvc pnum=7583 (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 7583)api_fd_reply: p:0x41b6722c max_trans_reply: 1024 write_to_pipe: 7583 name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 849 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 990 check_bind_req for \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 7583 name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2304 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 184 got message type 0x0 of len 0xb8 Transaction 71 of length 188 size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30083 (0x7583) smb_bcc=117 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e [010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [020] 00 4C 00 00 00 00 00 10 00 2C E1 FA 03 0E 00 00 .L...... .,áú.... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h [040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r [050] 00 64 00 00 00 07 00 00 00 00 00 00 00 07 00 00 .d...... ........ [060] 00 70 00 75 00 62 00 6C 00 69 00 63 00 00 00 00 .p.u.b.l .i.c.... [070] 00 01 00 00 00 ..... switch message SMBtrans (pid 11222) change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=7583 pipe name srvsvc pnum=7583 (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 7583)api_fd_reply: p:0x41b6722c max_trans_reply: 1024 write_to_pipe: 7583 name: srvsvc open: Yes len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRV_NET_SHARE_GET_INFO api_rpc_cmds[7].fn == 0x80fa4b0 000000 srv_io_q_net_share_get_info 0000 ptr_srv_name: 03fae12c 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 offset : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... 00002c smb_io_unistr2 002c uni_max_len: 00000007 0030 offset : 00000000 0034 uni_str_len: 00000007 0038 buffer : p.u.b.l.i.c... 0048 info_level: 00000001 _srv_net_share_get_info: 1391 init_srv_r_net_share_get_info: 737 init_srv_share_info1: public 0 init_srv_share_info1_str _srv_net_share_get_info: 1397 000000 srv_io_r_net_share_get_info 000000 srv_io_srv_share_info info 0000 switch_value : 00000001 0004 ptr_share_ctr: 00000001 000008 srv_io_share_info1 0008 ptr_netname: 00000001 000c type : 00000000 0010 ptr_remark : 00000001 000014 srv_io_share_info1_str 000014 smb_io_unistr2 0014 uni_max_len: 00000007 0018 offset : 00000000 001c uni_str_len: 00000007 0020 buffer : p.u.b.l.i.c... 000030 smb_io_unistr2 0030 uni_max_len: 00000001 0034 offset : 00000000 0038 uni_str_len: 00000001 003c buffer : .. 0040 status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 1066 write_to_pipe: data_used = 84 read_from_pipe: 7583 name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 68. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..92] size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=101 smb_mid=2368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\...... [010] 00 44 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .D...... ........ [020] 00 01 00 00 00 00 00 00 00 01 00 00 00 07 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 70 00 75 00 62 00 6C ........ .p.u.b.l [040] 00 69 00 63 00 00 00 00 00 01 00 00 00 00 00 00 .i.c.... ........ [050] 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ..... write_socket(16,152) write_socket(16,152) wrote 152 got smb length of 41 got message type 0x0 of len 0x29 Transaction 72 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=3 smb_vwv[ 0]=30083 (0x7583) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 11222) change_to_user: Skipping user change - already user search for pipe pnum=7583 pipe name srvsvc pnum=7583 (pipes_open=1) reply_pipe_close: pnum:7583 close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=7583 (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 92 got message type 0x0 of len 0x5c Transaction 73 of length 96 size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=2496 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E [010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 50 00 55 .R.B.I.R .D.\.P.U [020] 00 42 00 4C 00 49 00 43 00 00 00 3F 3F 3F 3F 3F .B.L.I.C ...????? [030] 00 . switch message SMBtconX (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [PUBLIC] making a connection to 'normal' service public Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! Connect path is '/public' for service [public] get_share_security: using default secdesc for public se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming public 0 get_share_security: using default secdesc for public se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) newvm-win2kpro1 (10.33.1.222) connect to service public initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11222) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=PUBLIC size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=101 smb_mid=2496 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=13 [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... write_socket(16,58) write_socket(16,58) wrote 58 got smb length of 76 got message type 0x0 of len 0x4c Transaction 74 of length 80 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2560 smt_wct=15 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 8 (0x8) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=11 [000] 00 54 00 EC 03 00 00 00 00 00 00 .T.ì.... ... switch message SMBtrans2 (pid 11222) setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) vfs_ChDir to /public call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "" unix_clean_name [] conversion finished . -> . is_in_path: . is_in_path: no name list. unix_clean_name [.] call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Thu Jan 8 19:01:22 2004 access: Thu Jan 8 19:56:00 2004 write: Thu Jan 8 19:01:22 2004 change: Thu Jan 8 19:01:22 2004 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 100 got message type 0x0 of len 0x64 Transaction 75 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2624 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 02 00 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 ...ì.... .\.d.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\desktop.ini" unix_clean_name [/desktop.ini] stat_cache_lookup: lookup failed for name [DESKTOP.INI] unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini is_in_path: desktop.ini is_in_path: no name list. unix_clean_name [desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) set_bad_path_error: err = 2 bad_path = 0 error string = No such file or directory error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2624 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 76 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2688 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 38 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .8...V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] stat_cache_lookup: lookup failed for name [*] unix_convert begin: name = *, dirpath = , start = * is_mangled * ? is_mangled_component * (len 1) ? is_mangled * ? is_mangled_component * (len 1) ? New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 3 ms_fnmatch(*,test-test) -> 0 dos_mode: ./test-test is_in_path: ./test-test is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./test-test fname=test-test name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 4 ms_fnmatch(*,test.doc) -> 0 dos_mode: ./test.doc is_in_path: ./test.doc is_in_path: no name list. dos_mode returning a get_lanman2_dir_entry found ./test.doc fname=test.doc get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 5 ms_fnmatch(*,New Folder) -> 0 dos_mode: ./New Folder is_in_path: ./New Folder is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./New Folder fname=New Folder name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 5 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 write_socket(16,608) write_socket(16,608) wrote 608 SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 got smb length of 86 got message type 0x0 of len 0x56 Transaction 77 of length 90 size=86 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2752 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=3 [000] 00 00 00 ... switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "" unix_clean_name [] conversion finished . -> . unix_mode(.) returning 0777 allocated file structure 4233, fnum = 8329 (1 used) open_directory: opening directory . dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 8329, open name = . size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2752 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35072 (0x8900) smb_vwv[ 3]= 288 (0x120) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]=28013 (0x6D6D) smb_vwv[ 7]=23772 (0x5CDC) smb_vwv[ 8]=50134 (0xC3D6) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]= 5518 (0x158E) smb_vwv[11]=25784 (0x64B8) smb_vwv[12]=50134 (0xC3D6) smb_vwv[13]= 1 (0x1) smb_vwv[14]=28013 (0x6D6D) smb_vwv[15]=23772 (0x5CDC) smb_vwv[16]=50134 (0xC3D6) smb_vwv[17]= 1 (0x1) smb_vwv[18]=28013 (0x6D6D) smb_vwv[19]=23772 (0x5CDC) smb_vwv[20]=50134 (0xC3D6) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 84 got message type 0x0 of len 0x54 Transaction 78 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2816 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 23 (0x17) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 8329 (0x2089) smb_vwv[22]= 0 (0x0) smb_bcc=3 [000] 26 00 80 &.. switch message SMBnttrans (pid 11222) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 17 00 00 00 89 20 00 00 ..... .. call_nt_transact_notify_change kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 84 got message type 0x0 of len 0x54 Transaction 79 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2881 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 8329 (0x2089) smb_vwv[22]= 1 (0x1) smb_bcc=3 [000] 26 00 80 &.. switch message SMBnttrans (pid 11222) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 03 00 00 00 89 20 01 00 ..... .. call_nt_transact_notify_change kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 70 got message type 0x0 of len 0x46 Transaction 80 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=2946 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 EF 03 .C.ï. switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 70 got message type 0x0 of len 0x46 Transaction 81 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3010 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 EF 03 .C.ï. switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 70 got message type 0x0 of len 0x46 Transaction 82 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3074 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 05 01 .C... switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 70 got message type 0x0 of len 0x46 Transaction 83 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3138 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 05 01 .C... switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 70 got message type 0x0 of len 0x46 Transaction 84 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3202 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 05 01 .C... switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 98 got message type 0x0 of len 0x62 Transaction 85 of length 102 size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3266 smt_wct=15 smb_vwv[ 0]= 30 (0x1E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 30 (0x1E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=33 [000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w [010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 00 . .F.o.l .d.e.r.. [020] 00 . switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\New Folder" unix_clean_name [/New Folder] stat_cache_lookup: lookup failed for name [NEW FOLDER] stat_cache_add: Added entry NEW FOLDER -> New Folder conversion finished New Folder -> New Folder is_in_path: New Folder is_in_path: no name list. unix_clean_name [New Folder] call_trans2qfilepathinfo New Folder (fnum = -1) level=1004 call=5 total_data=0 dos_mode: New Folder is_in_path: New Folder is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Thu Jan 8 19:01:22 2004 access: Thu Jan 8 19:01:22 2004 write: Thu Jan 8 19:01:22 2004 change: Thu Jan 8 19:01:22 2004 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 98 got message type 0x0 of len 0x62 Transaction 86 of length 102 size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3330 smt_wct=15 smb_vwv[ 0]= 30 (0x1E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 30 (0x1E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=33 [000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w [010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 00 . .F.o.l .d.e.r.. [020] 00 . switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\New Folder" unix_clean_name [/New Folder] stat_cache_lookup: lookup succeeded for name [NEW FOLDER] -> [New Folder] is_in_path: New Folder is_in_path: no name list. unix_clean_name [New Folder] call_trans2qfilepathinfo New Folder (fnum = -1) level=1004 call=5 total_data=0 dos_mode: New Folder is_in_path: New Folder is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Thu Jan 8 19:01:22 2004 access: Thu Jan 8 19:01:22 2004 write: Thu Jan 8 19:01:22 2004 change: Thu Jan 8 19:01:22 2004 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 70 got message type 0x0 of len 0x46 Transaction 87 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3394 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 05 01 .C... switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 106 got message type 0x0 of len 0x6a Transaction 88 of length 110 size=106 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3458 smt_wct=15 smb_vwv[ 0]= 38 (0x26) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 38 (0x26) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=41 [000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w [010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 20 . .F.o.l .d.e.r. [020] 00 28 00 32 00 29 00 00 00 .(.2.).. . switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\New Folder (2)" unix_clean_name [/New Folder (2)] stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? New file New Folder (2) is_in_path: New Folder (2) is_in_path: no name list. unix_clean_name [New Folder (2)] call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder (2) failed (No such file or directory) set_bad_path_error: err = 2 bad_path = 0 error string = No such file or directory error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3458 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 106 got message type 0x0 of len 0x6a Transaction 89 of length 110 size=106 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=8 smb_uid=101 smb_mid=3522 smt_wct=15 smb_vwv[ 0]= 38 (0x26) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 38 (0x26) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=41 [000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w [010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 20 . .F.o.l .d.e.r. [020] 00 28 00 32 00 29 00 00 00 .(.2.).. . switch message SMBtrans2 (pid 11222) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\New Folder (2)" unix_clean_name [/New Folder (2)] stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? New file New Folder (2) is_in_path: New Folder (2) is_in_path: no name list. unix_clean_name [New Folder (2)] call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder (2) failed (No such file or directory) set_bad_path_error: err = 2 bad_path = 0 error string = No such file or directory error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=3 smb_pid=8 smb_uid=101 smb_mid=3522 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 116 got message type 0x0 of len 0x74 Transaction 90 of length 120 size=116 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1512 smb_uid=101 smb_mid=3586 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 7680 (0x1E00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=33 [000] 00 5C 00 4E 00 65 00 77 00 20 00 46 00 6F 00 6C .\.N.e.w . .F.o.l [010] 00 64 00 65 00 72 00 20 00 28 00 32 00 29 00 00 .d.e.r. .(.2.).. [020] 00 . switch message SMBntcreateX (pid 11222) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x2 to 0x10 map_share_mode: Mapped desired access 0x100001, share access 0x3, file attributes 0x80 to open_mode 0x40 unix_convert called on file "\New Folder (2)" unix_clean_name [/New Folder (2)] stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? New file New Folder (2) unix_mode(New Folder (2)) returning 0777 allocated file structure 4234, fnum = 8330 (2 used) unix_mode(New Folder (2)) returning 0777 --11222-- FATAL: unhandled syscall: 229 --11222-- Do not panic. You may be able to fix this easily. --11222-- Read the file README_MISSING_SYSCALL_OR_IOCTL. ==11222== ==11222== Valgrind detected that your program requires ==11222== the following unimplemented functionality: ==11222== no wrapper for the above system call ==11222== This may be because the functionality is hard to implement, ==11222== or because no reasonable program would behave this way, ==11222== or because nobody has yet needed it. In any case, let me know ==11222== (jseward@acm.org) and/or try to work around the problem, if you can. ==11222== ==11222== Valgrind has to exit now. Sorry. Bye! ==11222== sched status: Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0 ==11222== at 0x420E45ED: syscall (in /lib/i686/libc-2.2.5.so) ==11222== by 0x40464C44: acl_get_file (acl_get_file.c:58) ==11222== by 0x80BF024: directory_has_default_acl (smbd/posix_acls.c:3374) ==11222== by 0x80B7BD4: vfswrap_mkdir (smbd/vfs-wrap.c:118) ==11222== by 0x80B6171: vfs_MkDir (smbd/vfs.c:357) ==11222== by 0x80B2CE3: open_directory (smbd/open.c:1308) ==11222== by 0x8095B2D: reply_ntcreate_and_X (smbd/nttrans.c:777) ==11222== by 0x80BFE38: switch_message (smbd/process.c:767) ==11222== by 0x80BFEDD: construct_reply (smbd/process.c:797) ==11222== by 0x80C01E6: process_smb (smbd/process.c:897) ==11222== by 0x80C0C53: smbd_process (smbd/process.c:1328) ==11222== by 0x81FB651: main (smbd/server.c:887) ==11222== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) ==11222== by 0x8079590: (within /usr/local/samba/sbin/smbd) lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 Linux kernel oplocks enabled open_oplock ipc: pid = 11267, global_oplock_port = 45176 Serverzone is 28800 got smb length of 68 got message type 0x81 of len 0x44 Transaction 0 of length 72 netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 claiming 0 init msg_type=0x81 msg_flags=0x0 write_socket(16,4) write_socket(16,4) wrote 4 got smb length of 133 got message type 0x0 of len 0x85 Transaction 1 of length 137 size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 tdb(unnamed): tdb_brlock failed (fd=5) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for open_oplock_ipc: opening loopback UDP socket. [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. bind succeeded on port 0 [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. Linux kernel oplocks enabled open_oplock ipc: pid = 11268, global_oplock_port = 45177 switch message SMBnegprot (pid 11267) Serverzone is 28800 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] set_remote_arch: Client arch is 'Win2K' lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 got smb length of 68 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 got message type 0x81 of len 0x44 Transaction 0 of length 72 netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 claiming 0 getpeername failed. Error was Transport endpoint is not connected init msg_type=0x81 msg_flags=0x0 using SPNEGO Selected protocol NT LM 0.12 negprot index=5 write_socket(16,4) size=177 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 write_socket_data: write failure. Error = Connection reset by peer write_socket(16,4) wrote -1 write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset by peer smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) Error writing 4 bytes to client. -1. (Connection reset by peer) smb_vwv[ 7]= 768 (0x300) smb_vwv[ 8]= 44 (0x2C) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=30696 (0x77E8) smb_vwv[13]=25786 (0x64BA) smb_vwv[14]=50134 (0xC3D6) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 smb_vwv[15]=57345 (0xE001) smb_vwv[16]=27649 (0x6C01) smb_bcc=108 NT user token: (NULL) [000] 74 68 75 6E 64 65 72 62 69 72 64 00 00 00 00 00 thunderb ird..... UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 24 `Z..+... .. P0N $ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. ÷......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H.÷.... ..+..... [040] 37 02 02 0A A3 26 30 24 A0 22 1B 20 74 68 75 6E 7...£&0$  ". thun [050] 64 65 72 62 69 72 64 24 40 4E 4F 52 54 48 41 4D derbird$ @NORTHAM [060] 45 52 49 43 41 2E 53 4E 41 50 51 41 ERICA.SN APQA write_socket(16,181) write_socket(16,181) wrote 181 change_to_root_user: now uid=(0,0) gid=(0,0) Closing connections Yielding connection to receive_local_message: doing select with timeout of 1 ms got smb length of 198 got message type 0x0 of len 0xc6 Transaction 2 of length 202 size=198 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=3648 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 198 (0xC6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 66 (0x42) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=139 Server exit (process_smb: send_smb failed.) [000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... .. 604 . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...¢" [020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... [030] 08 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .à...... ........ [040] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11267) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 32 Making default auth method list for security=ADS Attempting to register auth backend rhosts Successfully added auth method 'rhosts' Attempting to register auth backend hostsequiv Successfully added auth method 'hostsequiv' Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend smbserver Successfully added auth method 'smbserver' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' Attempting to register auth backend fixed_challenge Successfully added auth method 'fixed_challenge' Attempting to register auth backend name_to_ntstatus Successfully added auth method 'name_to_ntstatus' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe0088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 6E F8 25 8B C7 DF 29 EC nø%.Çß)ì write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 322 got message type 0x0 of len 0x142 Transaction 3 of length 326 size=322 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=3712 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 322 (0x142) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 190 (0xBE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=263 [000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... [020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... [030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... [040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. [050] 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 00 n.a._.u. s.e.r.5. [060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. [070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 F9 B1 N.2.K.P. R.O.1.ù± [080] C2 23 7F 60 B2 85 00 00 00 00 00 00 00 00 00 00 Â#.`²... ........ [090] 00 00 00 00 00 00 9C 96 84 D5 B7 37 3D C4 E3 8D ........ .Õ·7=Äã. [0A0] 25 64 0D 04 74 51 9D A8 6E BB 92 91 14 8E DE D1 %d..tQ.¨ n»....ÞÑ [0B0] A2 F1 C5 2D BA 7E EA 7C 33 CC 3E A6 79 5F 00 57 ¢ñÅ-º~ê| 3Ì>¦y_.W [0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 [0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. [100] 00 30 00 00 00 00 00 .0..... switch message SMBsesssetupX (pid 11267) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[na_user5] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] 28 C6 1D 21 8D 44 82 39 (Æ.!.D.9 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[na_user5] from workstation [NEWVM-WIN2KPRO1] Opening cache file at /usr/local/samba/var/locks/gencache.tdb tdb(unnamed): tdb_brlock failed (fd=19) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for na_user5 (na_user5) making strings for na_user5's user_info struct making blobs for na_user5's user_info struct made an encrypted user_info for na_user5 (na_user5) check_ntlm_password: Checking password for unmapped user [NL]\[na_user5]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[na_user5]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 28 C6 1D 21 8D 44 82 39 (Æ.!.D.9 check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 000000 net_io_user_info3 0000 ptr_user_info : 00020004 000004 smb_io_time logon time 0004 low : 1a92c9f0 0008 high: 01c3b092 00000c smb_io_time logoff time 000c low : ffffffff 0010 high: 7fffffff 000014 smb_io_time kickoff time 0014 low : ffffffff 0018 high: 7fffffff 00001c smb_io_time last set time 001c low : 00000000 0020 high: 00000000 000024 smb_io_time can change time 0024 low : 2a69c000 0028 high: 000000c9 00002c smb_io_time must change time 002c low : ffffffff 0030 high: 7fffffff 000034 smb_io_unihdr hdr_user_name 0034 uni_str_len: 0010 0036 uni_max_len: 0012 0038 buffer : 00020008 00003c smb_io_unihdr hdr_full_name 003c uni_str_len: 0000 003e uni_max_len: 0000 0040 buffer : 00000000 000044 smb_io_unihdr hdr_logon_script 0044 uni_str_len: 0000 0046 uni_max_len: 0000 0048 buffer : 00000000 00004c smb_io_unihdr hdr_profile_path 004c uni_str_len: 0000 004e uni_max_len: 0000 0050 buffer : 00000000 000054 smb_io_unihdr hdr_home_dir 0054 uni_str_len: 0000 0056 uni_max_len: 0000 0058 buffer : 00000000 00005c smb_io_unihdr hdr_dir_drive 005c uni_str_len: 0000 005e uni_max_len: 0000 0060 buffer : 00000000 0064 logon_count : 0002 0066 bad_pw_count : 0000 0068 user_rid : 0000046e 006c group_rid : 00000201 0070 num_groups : 00000002 0074 buffer_groups : 0002000c 0078 user_flgs : 00000120 007c user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 00008c smb_io_unihdr hdr_logon_srv 008c uni_str_len: 001c 008e uni_max_len: 001e 0090 buffer : 00020010 000094 smb_io_unihdr hdr_logon_dom 0094 uni_str_len: 0018 0096 uni_max_len: 001a 0098 buffer : 00020014 009c buffer_dom_id : 00020018 00a0 padding : 00 00 00 00 00 00 00 00 79 bc 95 0f b2 dd 1e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00c8 num_other_sids: 00000000 00cc buffer_other_sids: 00000000 0000d0 smb_io_unistr2 uni_user_name 00d0 uni_max_len: 00000009 00d4 offset : 00000000 00d8 uni_str_len: 00000008 00dc buffer : n.a._.U.s.e.r.5. 0000ec smb_io_unistr2 - NULL uni_full_name 0000ec smb_io_unistr2 - NULL uni_logon_script 0000ec smb_io_unistr2 - NULL uni_profile_path 0000ec smb_io_unistr2 - NULL uni_home_dir 0000ec smb_io_unistr2 - NULL uni_dir_drive 00ec num_groups2 : 00000002 0000f0 smb_io_gid 00f0 g_rid: 00000201 00f4 attr : 00000007 0000f8 smb_io_gid 00f8 g_rid: 000023b8 00fc attr : 00000007 000100 smb_io_unistr2 uni_logon_srv 0100 uni_max_len: 0000000f 0104 offset : 00000000 0108 uni_str_len: 0000000e 010c buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C. 000128 smb_io_unistr2 uni_logon_dom 0128 uni_max_len: 0000000d 012c offset : 00000000 0130 uni_str_len: 0000000c 0134 buffer : N.O.R.T.H.A.M.E.R.I.C.A. 00014c smb_io_dom_sid2 014c num_auths: 00000004 000150 smb_io_dom_sid sid 0150 sid_rev_num: 01 0151 num_auths : 04 0152 id_auth[0] : 00 0153 id_auth[1] : 00 0154 id_auth[2] : 00 0155 id_auth[3] : 00 0156 id_auth[4] : 00 0157 id_auth[5] : 05 0158 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! fill_sam_account: located username was [NORTHAMERICA\na_user5] pdb_set_username: setting username NORTHAMERICA\na_user5, was element 11 -> now SET pdb_set_full_name: setting full name na_User5, was element 12 -> now SET pdb_set_unix_homedir: setting home dir /home/NORTHAMERICA/na_user5, was NULL element 21 -> now SET pdb_set_domain: setting domain THUNDERBIRD, was pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 from rid 79856 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 element 18 -> now SET pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 from rid 64895 Home server: thunderbird pdb_set_profile_path: setting profile path \\thunderbird\NORTHAMERICA\na_user5\profile, was Home server: thunderbird pdb_set_homedir: setting home dir \\thunderbird\NORTHAMERICA\na_user5, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was pdb_set_nt_username: setting nt username na_User5, was pdb_set_username: setting username na_User5, was NORTHAMERICA\na_user5 pdb_set_domain: setting domain NORTHAMERICA, was THUNDERBIRD pdb_set_user_sid: setting user sid S-1-5-21-2700928644-3666989044-3468193467-1134 pdb_set_group_sid: setting group sid S-1-5-21-2700928644-3666989044-3468193467-513 pdb_set_full_name: setting full name , was na_User5 pdb_set_logon_script: setting logon script , was pdb_set_profile_path: setting profile path , was \\thunderbird\NORTHAMERICA\na_user5\profile pdb_set_homedir: setting home dir , was \\thunderbird\NORTHAMERICA\na_user5 pdb_set_dir_drive: setting dir drive , was ==11267== Syscall param write(buf) contains uninitialised or unaddressable byte(s) ==11267== at 0x420DACE4: __libc_write (in /lib/i686/libc-2.2.5.so) ==11267== by 0x81AAC6A: winbindd_send_request (nsswitch/wb_common.c:420) ==11267== by 0x81AAD16: winbindd_request (nsswitch/wb_common.c:468) ==11267== by 0x81A9C21: wb_getgroups (nsswitch/wb_client.c:253) ==11267== by 0x81D2D1A: get_user_groups (auth/auth_util.c:664) ==11267== by 0x81D3EBC: make_server_info_info3 (auth/auth_util.c:1177) ==11267== by 0x81CF87E: check_winbind_security (auth/auth_winbind.c:133) ==11267== by 0x81CD1E4: check_ntlm_password (auth/auth.c:255) ==11267== by 0x81D4DA5: auth_ntlmssp_check_password (auth/auth_ntlmssp.c:120) ==11267== by 0x80E81A5: ntlmssp_server_auth (libsmb/ntlmssp.c:664) ==11267== by 0x80E761A: ntlmssp_update (libsmb/ntlmssp.c:259) ==11267== by 0x81D50A9: auth_ntlmssp_update (auth/auth_ntlmssp.c:199) ==11267== by 0x80A4C9C: reply_spnego_auth (smbd/sesssetup.c:480) ==11267== by 0x80A4F47: reply_sesssetup_and_X_spnego (smbd/sesssetup.c:563) ==11267== by 0x80A516B: reply_sesssetup_and_X (smbd/sesssetup.c:645) ==11267== by 0x80BFE38: switch_message (smbd/process.c:767) ==11267== by 0x80BFEDD: construct_reply (smbd/process.c:797) ==11267== by 0x80C01E6: process_smb (smbd/process.c:897) ==11267== by 0x80C0C53: smbd_process (smbd/process.c:1328) ==11267== by 0x81FB651: main (smbd/server.c:887) ==11267== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) ==11267== by 0x8079590: (within /usr/local/samba/sbin/smbd) ==11267== Address 0xBFFFD1FC is on thread 1's stack get_user_groups: winbind_getgroups(NORTHAMERICA\na_user5): result = SUCCESS UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 gid_to_sid: winbindd 31947 -> S-1-5-21-2700928644-3666989044-3468193467-513 gid_to_sid: winbindd 31956 -> S-1-5-21-2700928644-3666989044-3468193467-9144 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 check_ntlm_password: winbind authentication for user [na_user5] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [NORTHAMERICA\na_user5] succeeded check_ntlm_password: authentication for user [na_user5] -> [na_user5] -> [NORTHAMERICA\na_user5] succeeded attempting to free (and zero) a user_info structure structure was created for na_user5 Got NT session key of length 16 Got LM session key of length 16 ntlmssp_server_auth: Created NTLM2 session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH register_vuid: allocated vuid = 100 register_vuid: (39428,31947) NORTHAMERICA\na_user5 na_user5 NORTHAMERICA guest=0 User name: NORTHAMERICA\na_user5 Real name: UNIX uid 39428 is UNIX user NORTHAMERICA\na_user5, and will be vuid 100 Adding/updating homes service for user 'NORTHAMERICA\na_user5' using home directory: '/home/NORTHAMERICA/na_user5' lp_servicenumber: couldn't find homes write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 92 got message type 0x0 of len 0x5c Transaction 4 of length 96 size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=3776 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E [010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 50 00 55 .R.B.I.R .D.\.P.U [020] 00 42 00 4C 00 49 00 43 00 00 00 3F 3F 3F 3F 3F .B.L.I.C ...????? [030] 00 . switch message SMBtconX (pid 11267) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [PUBLIC] making a connection to 'normal' service public Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! Connect path is '/public' for service [public] get_share_security: using default secdesc for public se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming public 0 get_share_security: using default secdesc for public se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) newvm-win2kpro1 (10.33.1.222) connect to service public initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11267) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=PUBLIC size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3776 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=13 [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... write_socket(16,58) write_socket(16,58) wrote 58 got smb length of 86 got message type 0x0 of len 0x56 Transaction 5 of length 90 size=86 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=3840 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=3 [000] 00 00 00 ... switch message SMBntcreateX (pid 11267) setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) vfs_ChDir to /public reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "" unix_clean_name [] conversion finished . -> . unix_mode(.) returning 0777 allocated file structure 3493, fnum = 7589 (1 used) open_directory: opening directory . dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 7589, open name = . size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=3840 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=42240 (0xA500) smb_vwv[ 3]= 285 (0x11D) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]=28013 (0x6D6D) smb_vwv[ 7]=23772 (0x5CDC) smb_vwv[ 8]=50134 (0xC3D6) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]=30696 (0x77E8) smb_vwv[11]=25786 (0x64BA) smb_vwv[12]=50134 (0xC3D6) smb_vwv[13]= 1 (0x1) smb_vwv[14]=28013 (0x6D6D) smb_vwv[15]=23772 (0x5CDC) smb_vwv[16]=50134 (0xC3D6) smb_vwv[17]= 1 (0x1) smb_vwv[18]=28013 (0x6D6D) smb_vwv[19]=23772 (0x5CDC) smb_vwv[20]=50134 (0xC3D6) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 86 got message type 0x0 of len 0x56 Transaction 6 of length 90 size=86 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=3905 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=3 [000] 00 00 00 ... switch message SMBntcreateX (pid 11267) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x2 to 0x10 map_share_mode: Mapped desired access 0x100001, share access 0x3, file attributes 0x80 to open_mode 0x40 unix_convert called on file "" unix_clean_name [] conversion finished . -> . unix_mode(.) returning 0777 allocated file structure 3494, fnum = 7590 (2 used) freed files structure 7590 (1 used) set_bad_path_error: err = 17 bad_path = 0 error string = File exists error packet at smbd/trans2.c(1811) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_COLLISION size=35 smb_com=0xa2 smb_rcls=53 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=3905 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 84 got message type 0x0 of len 0x54 Transaction 7 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=3968 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 23 (0x17) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 7589 (0x1DA5) smb_vwv[22]= 0 (0x0) smb_bcc=3 [000] 00 34 00 .4. switch message SMBnttrans (pid 11267) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 17 00 00 00 A5 1D 00 00 ....¥... call_nt_transact_notify_change kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 84 got message type 0x0 of len 0x54 Transaction 8 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4034 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 7589 (0x1DA5) smb_vwv[22]= 1 (0x1) smb_bcc=3 [000] 00 34 00 .4. switch message SMBnttrans (pid 11267) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 03 00 00 00 A5 1D 01 00 ....¥... call_nt_transact_notify_change kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 106 got message type 0x0 of len 0x6a Transaction 9 of length 110 size=106 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=4097 smt_wct=15 smb_vwv[ 0]= 38 (0x26) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 38 (0x26) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=41 [000] 05 00 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 ...ì.... .\.N.e.w [010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 20 . .F.o.l .d.e.r. [020] 00 28 00 32 00 29 00 00 00 .(.2.).. . switch message SMBtrans2 (pid 11267) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\New Folder (2)" unix_clean_name [/New Folder (2)] stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? New file New Folder (2) is_in_path: New Folder (2) is_in_path: no name list. unix_clean_name [New Folder (2)] call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder (2) failed (No such file or directory) set_bad_path_error: err = 2 bad_path = 0 error string = No such file or directory error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=4097 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 116 got message type 0x0 of len 0x74 Transaction 10 of length 120 size=116 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4161 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 7680 (0x1E00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=33 [000] 00 5C 00 4E 00 65 00 77 00 20 00 46 00 6F 00 6C .\.N.e.w . .F.o.l [010] 00 64 00 65 00 72 00 20 00 28 00 32 00 29 00 00 .d.e.r. .(.2.).. [020] 00 . switch message SMBntcreateX (pid 11267) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x2 to 0x10 map_share_mode: Mapped desired access 0x100001, share access 0x3, file attributes 0x80 to open_mode 0x40 unix_convert called on file "\New Folder (2)" unix_clean_name [/New Folder (2)] stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled New Folder (2) ? is_mangled_component New Folder (2) (len 14) ? New file New Folder (2) unix_mode(New Folder (2)) returning 0777 allocated file structure 3495, fnum = 7591 (2 used) unix_mode(New Folder (2)) returning 0777 --11267-- FATAL: unhandled syscall: 229 --11267-- Do not panic. You may be able to fix this easily. --11267-- Read the file README_MISSING_SYSCALL_OR_IOCTL. ==11267== ==11267== Valgrind detected that your program requires ==11267== the following unimplemented functionality: ==11267== no wrapper for the above system call ==11267== This may be because the functionality is hard to implement, ==11267== or because no reasonable program would behave this way, ==11267== or because nobody has yet needed it. In any case, let me know ==11267== (jseward@acm.org) and/or try to work around the problem, if you can. ==11267== ==11267== Valgrind has to exit now. Sorry. Bye! ==11267== sched status: Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0 ==11267== at 0x420E45ED: syscall (in /lib/i686/libc-2.2.5.so) ==11267== by 0x40464C44: acl_get_file (acl_get_file.c:58) ==11267== by 0x80BF024: directory_has_default_acl (smbd/posix_acls.c:3374) ==11267== by 0x80B7BD4: vfswrap_mkdir (smbd/vfs-wrap.c:118) ==11267== by 0x80B6171: vfs_MkDir (smbd/vfs.c:357) ==11267== by 0x80B2CE3: open_directory (smbd/open.c:1308) ==11267== by 0x8095B2D: reply_ntcreate_and_X (smbd/nttrans.c:777) ==11267== by 0x80BFE38: switch_message (smbd/process.c:767) ==11267== by 0x80BFEDD: construct_reply (smbd/process.c:797) ==11267== by 0x80C01E6: process_smb (smbd/process.c:897) ==11267== by 0x80C0C53: smbd_process (smbd/process.c:1328) ==11267== by 0x81FB651: main (smbd/server.c:887) ==11267== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) ==11267== by 0x8079590: (within /usr/local/samba/sbin/smbd) lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 Linux kernel oplocks enabled open_oplock ipc: pid = 11271, global_oplock_port = 45177 Serverzone is 28800 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 tdb(unnamed): tdb_brlock failed (fd=5) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 got smb length of 68 Linux kernel oplocks enabled open_oplock ipc: pid = 11272, global_oplock_port = 45178 Serverzone is 28800 got message type 0x81 of len 0x44 Transaction 0 of length 72 netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 claiming 0 init msg_type=0x81 msg_flags=0x0 write_socket(16,4) got smb length of 68 write_socket(16,4) wrote 4 got message type 0x81 of len 0x44 got smb length of 133 Transaction 0 of length 72 got message type 0x0 of len 0x85 Transaction 1 of length 137 size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM claiming 0 [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 getpeername failed. Error was Transport endpoint is not connected init msg_type=0x81 msg_flags=0x0 [060] 32 00 2. write_socket(16,4) switch message SMBnegprot (pid 11271) write_socket_data: write failure. Error = Connection reset by peer write_socket(16,4) wrote -1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset by peer NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Error writing 4 bytes to client. -1. (Connection reset by peer) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] set_remote_arch: Client arch is 'Win2K' Closing connections lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 Yielding connection to lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 receive_local_message: doing select with timeout of 1 ms Server exit (process_smb: send_smb failed.) using SPNEGO Selected protocol NT LM 0.12 negprot index=5 size=177 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 1792 (0x700) smb_vwv[ 8]= 44 (0x2C) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=43285 (0xA915) smb_vwv[13]=25787 (0x64BB) smb_vwv[14]=50134 (0xC3D6) smb_vwv[15]=57345 (0xE001) smb_vwv[16]=27649 (0x6C01) smb_bcc=108 [000] 74 68 75 6E 64 65 72 62 69 72 64 00 00 00 00 00 thunderb ird..... [010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 24 `Z..+... .. P0N $ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. ÷......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H.÷.... ..+..... [040] 37 02 02 0A A3 26 30 24 A0 22 1B 20 74 68 75 6E 7...£&0$  ". thun [050] 64 65 72 62 69 72 64 24 40 4E 4F 52 54 48 41 4D derbird$ @NORTHAM [060] 45 52 49 43 41 2E 53 4E 41 50 51 41 ERICA.SN APQA write_socket(16,181) write_socket(16,181) wrote 181 got smb length of 198 got message type 0x0 of len 0xc6 Transaction 2 of length 202 size=198 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=4224 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 198 (0xC6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 66 (0x42) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=139 [000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... .. 604 . [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...¢" [020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... [030] 08 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .à...... ........ [040] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 11271) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 32 Making default auth method list for security=ADS Attempting to register auth backend rhosts Successfully added auth method 'rhosts' Attempting to register auth backend hostsequiv Successfully added auth method 'hostsequiv' Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend smbserver Successfully added auth method 'smbserver' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' Attempting to register auth backend fixed_challenge Successfully added auth method 'fixed_challenge' Attempting to register auth backend name_to_ntstatus Successfully added auth method 'name_to_ntstatus' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe0088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 1D 2A 77 25 3E A0 09 0B .*w%> .. write_socket(16,318) write_socket(16,318) wrote 318 got smb length of 322 got message type 0x0 of len 0x142 Transaction 3 of length 326 size=322 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=4288 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 322 (0x142) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 190 (0xBE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=263 [000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... [020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... [030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... [040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. [050] 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 00 n.a._.u. s.e.r.5. [060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. [070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 09 46 N.2.K.P. R.O.1..F [080] F0 DB B7 D8 89 E6 00 00 00 00 00 00 00 00 00 00 ðÛ·Ø.æ.. ........ [090] 00 00 00 00 00 00 7C AF D6 4A 31 41 0D 19 0B 58 ......|¯ ÖJ1A...X [0A0] 63 22 1C CF B3 3F A0 54 E0 B0 82 90 91 E9 99 5B c".ϳ? T à°...é.[ [0B0] D7 59 C3 EC 68 BB 5F 7F F5 EA 3B DB 15 9F 00 57 ×YÃìh»_. õê;Û...W [0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 [0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. [100] 00 30 00 00 00 00 00 .0..... switch message SMBsesssetupX (pid 11271) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got user=[na_user5] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] 9D 54 A6 7E 3F 95 27 B2 .T¦~?.'² lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 make_user_info_map: Mapping user [NL]\[na_user5] from workstation [NEWVM-WIN2KPRO1] Opening cache file at /usr/local/samba/var/locks/gencache.tdb tdb(unnamed): tdb_brlock failed (fd=19) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 no entry for trusted domain NL found. attempting to make a user_info for na_user5 (na_user5) making strings for na_user5's user_info struct making blobs for na_user5's user_info struct made an encrypted user_info for na_user5 (na_user5) check_ntlm_password: Checking password for unmapped user [NL]\[na_user5]@[NEWVM-WIN2KPRO1] with the new password interface check_ntlm_password: mapped user is: [NORTHAMERICA]\[na_user5]@[NEWVM-WIN2KPRO1] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 9D 54 A6 7E 3F 95 27 B2 .T¦~?.'² check_ntlm_password: guest had nothing to say is_myname("NORTHAMERICA") returns 0 check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 000000 net_io_user_info3 0000 ptr_user_info : 00020004 000004 smb_io_time logon time 0004 low : 1a92c9f0 0008 high: 01c3b092 00000c smb_io_time logoff time 000c low : ffffffff 0010 high: 7fffffff 000014 smb_io_time kickoff time 0014 low : ffffffff 0018 high: 7fffffff 00001c smb_io_time last set time 001c low : 00000000 0020 high: 00000000 000024 smb_io_time can change time 0024 low : 2a69c000 0028 high: 000000c9 00002c smb_io_time must change time 002c low : ffffffff 0030 high: 7fffffff 000034 smb_io_unihdr hdr_user_name 0034 uni_str_len: 0010 0036 uni_max_len: 0012 0038 buffer : 00020008 00003c smb_io_unihdr hdr_full_name 003c uni_str_len: 0000 003e uni_max_len: 0000 0040 buffer : 00000000 000044 smb_io_unihdr hdr_logon_script 0044 uni_str_len: 0000 0046 uni_max_len: 0000 0048 buffer : 00000000 00004c smb_io_unihdr hdr_profile_path 004c uni_str_len: 0000 004e uni_max_len: 0000 0050 buffer : 00000000 000054 smb_io_unihdr hdr_home_dir 0054 uni_str_len: 0000 0056 uni_max_len: 0000 0058 buffer : 00000000 00005c smb_io_unihdr hdr_dir_drive 005c uni_str_len: 0000 005e uni_max_len: 0000 0060 buffer : 00000000 0064 logon_count : 0002 0066 bad_pw_count : 0000 0068 user_rid : 0000046e 006c group_rid : 00000201 0070 num_groups : 00000002 0074 buffer_groups : 0002000c 0078 user_flgs : 00000120 007c user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 00008c smb_io_unihdr hdr_logon_srv 008c uni_str_len: 001c 008e uni_max_len: 001e 0090 buffer : 00020010 000094 smb_io_unihdr hdr_logon_dom 0094 uni_str_len: 0018 0096 uni_max_len: 001a 0098 buffer : 00020014 009c buffer_dom_id : 00020018 00a0 padding : 00 00 00 00 00 00 00 00 79 bc 95 0f b2 dd 1e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00c8 num_other_sids: 00000000 00cc buffer_other_sids: 00000000 0000d0 smb_io_unistr2 uni_user_name 00d0 uni_max_len: 00000009 00d4 offset : 00000000 00d8 uni_str_len: 00000008 00dc buffer : n.a._.U.s.e.r.5. 0000ec smb_io_unistr2 - NULL uni_full_name 0000ec smb_io_unistr2 - NULL uni_logon_script 0000ec smb_io_unistr2 - NULL uni_profile_path 0000ec smb_io_unistr2 - NULL uni_home_dir 0000ec smb_io_unistr2 - NULL uni_dir_drive 00ec num_groups2 : 00000002 0000f0 smb_io_gid 00f0 g_rid: 00000201 00f4 attr : 00000007 0000f8 smb_io_gid 00f8 g_rid: 000023b8 00fc attr : 00000007 000100 smb_io_unistr2 uni_logon_srv 0100 uni_max_len: 0000000f 0104 offset : 00000000 0108 uni_str_len: 0000000e 010c buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C. 000128 smb_io_unistr2 uni_logon_dom 0128 uni_max_len: 0000000d 012c offset : 00000000 0130 uni_str_len: 0000000c 0134 buffer : N.O.R.T.H.A.M.E.R.I.C.A. 00014c smb_io_dom_sid2 014c num_auths: 00000004 000150 smb_io_dom_sid sid 0150 sid_rev_num: 01 0151 num_auths : 04 0152 id_auth[0] : 00 0153 id_auth[1] : 00 0154 id_auth[2] : 00 0155 id_auth[3] : 00 0156 id_auth[4] : 00 0157 id_auth[5] : 05 0158 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! fill_sam_account: located username was [NORTHAMERICA\na_user5] pdb_set_username: setting username NORTHAMERICA\na_user5, was element 11 -> now SET pdb_set_full_name: setting full name na_User5, was element 12 -> now SET pdb_set_unix_homedir: setting home dir /home/NORTHAMERICA/na_user5, was NULL element 21 -> now SET pdb_set_domain: setting domain THUNDERBIRD, was pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 from rid 79856 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 element 18 -> now SET pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 from rid 64895 Home server: thunderbird pdb_set_profile_path: setting profile path \\thunderbird\NORTHAMERICA\na_user5\profile, was Home server: thunderbird pdb_set_homedir: setting home dir \\thunderbird\NORTHAMERICA\na_user5, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was pdb_set_nt_username: setting nt username na_User5, was pdb_set_username: setting username na_User5, was NORTHAMERICA\na_user5 pdb_set_domain: setting domain NORTHAMERICA, was THUNDERBIRD pdb_set_user_sid: setting user sid S-1-5-21-2700928644-3666989044-3468193467-1134 pdb_set_group_sid: setting group sid S-1-5-21-2700928644-3666989044-3468193467-513 pdb_set_full_name: setting full name , was na_User5 pdb_set_logon_script: setting logon script , was pdb_set_profile_path: setting profile path , was \\thunderbird\NORTHAMERICA\na_user5\profile pdb_set_homedir: setting home dir , was \\thunderbird\NORTHAMERICA\na_user5 pdb_set_dir_drive: setting dir drive , was ==11271== Syscall param write(buf) contains uninitialised or unaddressable byte(s) ==11271== at 0x420DACE4: __libc_write (in /lib/i686/libc-2.2.5.so) ==11271== by 0x81AAC6A: winbindd_send_request (nsswitch/wb_common.c:420) ==11271== by 0x81AAD16: winbindd_request (nsswitch/wb_common.c:468) ==11271== by 0x81A9C21: wb_getgroups (nsswitch/wb_client.c:253) ==11271== by 0x81D2D1A: get_user_groups (auth/auth_util.c:664) ==11271== by 0x81D3EBC: make_server_info_info3 (auth/auth_util.c:1177) ==11271== by 0x81CF87E: check_winbind_security (auth/auth_winbind.c:133) ==11271== by 0x81CD1E4: check_ntlm_password (auth/auth.c:255) ==11271== by 0x81D4DA5: auth_ntlmssp_check_password (auth/auth_ntlmssp.c:120) ==11271== by 0x80E81A5: ntlmssp_server_auth (libsmb/ntlmssp.c:664) ==11271== by 0x80E761A: ntlmssp_update (libsmb/ntlmssp.c:259) ==11271== by 0x81D50A9: auth_ntlmssp_update (auth/auth_ntlmssp.c:199) ==11271== by 0x80A4C9C: reply_spnego_auth (smbd/sesssetup.c:480) ==11271== by 0x80A4F47: reply_sesssetup_and_X_spnego (smbd/sesssetup.c:563) ==11271== by 0x80A516B: reply_sesssetup_and_X (smbd/sesssetup.c:645) ==11271== by 0x80BFE38: switch_message (smbd/process.c:767) ==11271== by 0x80BFEDD: construct_reply (smbd/process.c:797) ==11271== by 0x80C01E6: process_smb (smbd/process.c:897) ==11271== by 0x80C0C53: smbd_process (smbd/process.c:1328) ==11271== by 0x81FB651: main (smbd/server.c:887) ==11271== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) ==11271== by 0x8079590: (within /usr/local/samba/sbin/smbd) ==11271== Address 0xBFFFD1FC is on thread 1's stack get_user_groups: winbind_getgroups(NORTHAMERICA\na_user5): result = SUCCESS UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 gid_to_sid: winbindd 31947 -> S-1-5-21-2700928644-3666989044-3468193467-513 gid_to_sid: winbindd 31956 -> S-1-5-21-2700928644-3666989044-3468193467-9144 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 check_ntlm_password: winbind authentication for user [na_user5] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [NORTHAMERICA\na_user5] succeeded check_ntlm_password: authentication for user [na_user5] -> [na_user5] -> [NORTHAMERICA\na_user5] succeeded attempting to free (and zero) a user_info structure structure was created for na_user5 Got NT session key of length 16 Got LM session key of length 16 ntlmssp_server_auth: Created NTLM2 session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH register_vuid: allocated vuid = 100 register_vuid: (39428,31947) NORTHAMERICA\na_user5 na_user5 NORTHAMERICA guest=0 User name: NORTHAMERICA\na_user5 Real name: UNIX uid 39428 is UNIX user NORTHAMERICA\na_user5, and will be vuid 100 Adding/updating homes service for user 'NORTHAMERICA\na_user5' using home directory: '/home/NORTHAMERICA/na_user5' lp_servicenumber: couldn't find homes write_socket(16,136) write_socket(16,136) wrote 136 got smb length of 92 got message type 0x0 of len 0x5c Transaction 4 of length 96 size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=4352 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E [010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 50 00 55 .R.B.I.R .D.\.P.U [020] 00 42 00 4C 00 49 00 43 00 00 00 3F 3F 3F 3F 3F .B.L.I.C ...????? [030] 00 . switch message SMBtconX (pid 11271) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [PUBLIC] making a connection to 'normal' service public Finding user NORTHAMERICA\na_user5 Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! Connect path is '/public' for service [public] get_share_security: using default secdesc for public se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming public 0 get_share_security: using default secdesc for public se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) newvm-win2kpro1 (10.33.1.222) connect to service public initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11271) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=PUBLIC size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4352 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=13 [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... write_socket(16,58) write_socket(16,58) wrote 58 got smb length of 86 got message type 0x0 of len 0x56 Transaction 5 of length 90 size=86 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4416 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=3 [000] 00 00 00 ... switch message SMBntcreateX (pid 11271) setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) vfs_ChDir to /public reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "" unix_clean_name [] conversion finished . -> . unix_mode(.) returning 0777 allocated file structure 3503, fnum = 7599 (1 used) open_directory: opening directory . dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 7599, open name = . size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4416 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=44800 (0xAF00) smb_vwv[ 3]= 285 (0x11D) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]=28013 (0x6D6D) smb_vwv[ 7]=23772 (0x5CDC) smb_vwv[ 8]=50134 (0xC3D6) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]=43285 (0xA915) smb_vwv[11]=25787 (0x64BB) smb_vwv[12]=50134 (0xC3D6) smb_vwv[13]= 1 (0x1) smb_vwv[14]=28013 (0x6D6D) smb_vwv[15]=23772 (0x5CDC) smb_vwv[16]=50134 (0xC3D6) smb_vwv[17]= 1 (0x1) smb_vwv[18]=28013 (0x6D6D) smb_vwv[19]=23772 (0x5CDC) smb_vwv[20]=50134 (0xC3D6) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 84 got message type 0x0 of len 0x54 Transaction 6 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4480 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 23 (0x17) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 7599 (0x1DAF) smb_vwv[22]= 0 (0x0) smb_bcc=3 [000] 00 63 00 .c. switch message SMBnttrans (pid 11271) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 17 00 00 00 AF 1D 00 00 ....¯... call_nt_transact_notify_change kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 84 got message type 0x0 of len 0x54 Transaction 7 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4545 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 7599 (0x1DAF) smb_vwv[22]= 1 (0x1) smb_bcc=3 [000] 00 63 00 .c. switch message SMBnttrans (pid 11271) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 03 00 00 00 AF 1D 01 00 ....¯... call_nt_transact_notify_change kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 86 got message type 0x0 of len 0x56 Transaction 8 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4610 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] FF FF 7F 16 00 56 05 06 00 04 01 00 00 00 00 5C ÿÿ...V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] stat_cache_lookup: lookup failed for name [*] unix_convert begin: name = *, dirpath = , start = * is_mangled * ? is_mangled_component * (len 1) ? is_mangled * ? is_mangled_component * (len 1) ? New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 3 ms_fnmatch(*,test-test) -> 0 dos_mode: ./test-test is_in_path: ./test-test is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./test-test fname=test-test name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 4 ms_fnmatch(*,test.doc) -> 0 dos_mode: ./test.doc is_in_path: ./test.doc is_in_path: no name list. dos_mode returning a get_lanman2_dir_entry found ./test.doc fname=test.doc get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 5 ms_fnmatch(*,New Folder) -> 0 dos_mode: ./New Folder is_in_path: ./New Folder is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./New Folder fname=New Folder name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 5 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 write_socket(16,608) write_socket(16,608) wrote 608 SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 got smb length of 76 got message type 0x0 of len 0x4c Transaction 9 of length 80 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4674 smt_wct=15 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 8 (0x8) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=11 [000] 00 43 00 EC 03 00 00 00 00 00 00 .C.ì.... ... switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "" unix_clean_name [] conversion finished . -> . is_in_path: . is_in_path: no name list. unix_clean_name [.] call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Thu Jan 8 19:01:22 2004 access: Thu Jan 8 19:57:46 2004 write: Thu Jan 8 19:01:22 2004 change: Thu Jan 8 19:01:22 2004 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 39 got message type 0x0 of len 0x27 Transaction 10 of length 43 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=4738 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 switch message SMBulogoffX (pid 11271) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) ulogoff, vuser id 102 does not map to user. ulogoffX vuid=102 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=4738 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 write_socket(16,43) write_socket(16,43) wrote 43 got smb length of 100 got message type 0x0 of len 0x64 Transaction 11 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4802 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 05 00 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 ...ì.... .\.d.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 11271) setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 contains 6 SIDs SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 UNIX token of user 39428 Primary group is 31947 and contains 2 supplementary groups Group[ 0]: 31947 Group[ 1]: 31956 change_to_user uid=(39428,39428) gid=(0,31947) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\desktop.ini" unix_clean_name [/desktop.ini] stat_cache_lookup: lookup failed for name [DESKTOP.INI] unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini is_in_path: desktop.ini is_in_path: no name list. unix_clean_name [desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) set_bad_path_error: err = 2 bad_path = 0 error string = No such file or directory error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4802 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 12 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4866 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 38 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .8...V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] stat_cache_lookup: lookup failed for name [*] unix_convert begin: name = *, dirpath = , start = * is_mangled * ? is_mangled_component * (len 1) ? is_mangled * ? is_mangled_component * (len 1) ? New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 3 ms_fnmatch(*,test-test) -> 0 dos_mode: ./test-test is_in_path: ./test-test is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./test-test fname=test-test name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 4 ms_fnmatch(*,test.doc) -> 0 dos_mode: ./test.doc is_in_path: ./test.doc is_in_path: no name list. dos_mode returning a get_lanman2_dir_entry found ./test.doc fname=test.doc get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 5 ms_fnmatch(*,New Folder) -> 0 dos_mode: ./New Folder is_in_path: ./New Folder is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./New Folder fname=New Folder name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 5 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 write_socket(16,608) write_socket(16,608) wrote 608 SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 got smb length of 70 got message type 0x0 of len 0x46 Transaction 13 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4930 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 EF 03 .C.ï. switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 70 got message type 0x0 of len 0x46 Transaction 14 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=4994 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 EF 03 .C.ï. switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 100 got message type 0x0 of len 0x64 Transaction 15 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=5058 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 00 20 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 . .ì.... .\.d.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\desktop.ini" unix_clean_name [/desktop.ini] stat_cache_lookup: lookup failed for name [DESKTOP.INI] unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini is_in_path: desktop.ini is_in_path: no name list. unix_clean_name [desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) set_bad_path_error: err = 2 bad_path = 0 error string = No such file or directory error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=5058 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 16 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=5122 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 38 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .8...V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] stat_cache_lookup: lookup failed for name [*] unix_convert begin: name = *, dirpath = , start = * is_mangled * ? is_mangled_component * (len 1) ? is_mangled * ? is_mangled_component * (len 1) ? New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: test-test is_in_path: no name list. is_in_path: test.doc is_in_path: no name list. is_in_path: New Folder is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 3 ms_fnmatch(*,test-test) -> 0 dos_mode: ./test-test is_in_path: ./test-test is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./test-test fname=test-test name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 4 ms_fnmatch(*,test.doc) -> 0 dos_mode: ./test.doc is_in_path: ./test.doc is_in_path: no name list. dos_mode returning a get_lanman2_dir_entry found ./test.doc fname=test.doc get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 5 ms_fnmatch(*,New Folder) -> 0 dos_mode: ./New Folder is_in_path: ./New Folder is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./New Folder fname=New Folder name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 5 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 write_socket(16,608) write_socket(16,608) wrote 608 SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 got smb length of 70 got message type 0x0 of len 0x46 Transaction 17 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=5186 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 EF 03 .C.ï. switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 70 got message type 0x0 of len 0x46 Transaction 18 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1512 smb_uid=100 smb_mid=5250 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 43 00 EF 03 .C.ï. switch message SMBtrans2 (pid 11271) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007