[2011/10/11 16:43:33.780072, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.782541, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x5897, type= 0x3, gen_id = 579, uid = 0, flags = 0, file_id 801:10ca4f:0, name_hash = 0xe6b4a924 [2011/10/11 16:43:33.782606, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe6b4a924 [2011/10/11 16:43:33.782657, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004FCA [2011/10/11 16:43:33.782718, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/formhistory.dat = 0 [2011/10/11 16:43:33.782766, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/formhistory.dat [2011/10/11 16:43:33.782817, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/formhistory.dat (numopen=206) NT_STATUS_OK [2011/10/11 16:43:33.782865, 5] smbd/files.c:464(file_free) freed files structure 18018 (317 used) [2011/10/11 16:43:33.782912, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.782937, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53064 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.783152, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.783438, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.783491, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 
0x29 [2011/10/11 16:43:33.783534, 3] smbd/process.c:1661(process_smb) Transaction 7810 of length 45 (0 toread) [2011/10/11 16:43:33.783575, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.783600, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53128 smt_wct=3 smb_vwv[ 0]=18019 (0x4663) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.783861, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.783890, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.783936, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.783980, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.784429, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.784581, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.784665, 3] 
smbd/reply.c:4850(reply_close) close fd=73 fnum=18019 (numopen=206) [2011/10/11 16:43:33.784710, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.784776, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json, file_id = 801:2111e1:0 gen_id = 580 has kernel oplock state of 1. [2011/10/11 16:43:33.784842, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E111 [2011/10/11 16:43:33.784893, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.784936, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:36:28 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.785002, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x58e6, type= 0x3, gen_id = 580, uid = 0, flags = 0, file_id 801:2111e1:0, name_hash = 0x89f42e08 [2011/10/11 16:43:33.785052, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x89f42e08 [2011/10/11 16:43:33.785098, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E111 [2011/10/11 16:43:33.785153, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json = 0 [2011/10/11 16:43:33.785199, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json [2011/10/11 16:43:33.785248, 2] smbd/close.c:691(close_normal_file) ando 
closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2011-04-07.json (numopen=205) NT_STATUS_OK [2011/10/11 16:43:33.785294, 5] smbd/files.c:464(file_free) freed files structure 18019 (316 used) [2011/10/11 16:43:33.785342, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.785367, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53128 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.785607, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.785851, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.785901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.785942, 3] smbd/process.c:1661(process_smb) Transaction 7811 of length 45 (0 toread) [2011/10/11 16:43:33.785984, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.786009, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53192 smt_wct=3 smb_vwv[ 0]=18020 (0x4664) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.786270, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.786298, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.786343, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.786387, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.786853, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.786983, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.787045, 3] smbd/reply.c:4850(reply_close) close fd=74 fnum=18020 (numopen=205) [2011/10/11 16:43:33.787088, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.787148, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html, file_id = 801:2111e0:0 gen_id = 581 has kernel oplock state of 1. 
[2011/10/11 16:43:33.787210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E011 [2011/10/11 16:43:33.787259, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.787300, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.787365, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x5903, type= 0x3, gen_id = 581, uid = 0, flags = 0, file_id 801:2111e0:0, name_hash = 0xbb9dbf02 [2011/10/11 16:43:33.787414, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbb9dbf02 [2011/10/11 16:43:33.787459, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E011 [2011/10/11 16:43:33.787514, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html = 0 [2011/10/11 16:43:33.787560, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html [2011/10/11 16:43:33.787608, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-06.html (numopen=204) NT_STATUS_OK [2011/10/11 16:43:33.787654, 5] smbd/files.c:464(file_free) freed files structure 18020 (315 used) [2011/10/11 16:43:33.787701, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.787727, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=53192 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.787940, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.788188, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.788237, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.788279, 3] smbd/process.c:1661(process_smb) Transaction 7812 of length 45 (0 toread) [2011/10/11 16:43:33.788321, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.788361, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53256 smt_wct=3 smb_vwv[ 0]=18021 (0x4665) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.788624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.788650, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.788695, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.788738, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.789184, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.789314, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.789372, 3] smbd/reply.c:4850(reply_close) close fd=75 fnum=18021 (numopen=204) [2011/10/11 16:43:33.789438, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.789498, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html, file_id = 801:2111df:0 gen_id = 582 has kernel oplock state of 1. [2011/10/11 16:43:33.789558, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000DF11 [2011/10/11 16:43:33.789606, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.789648, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.789712, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x5b04, type= 0x3, gen_id = 582, uid = 0, flags = 0, file_id 801:2111df:0, name_hash = 0x277d017a [2011/10/11 16:43:33.789763, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x277d017a [2011/10/11 16:43:33.789812, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000DF11 [2011/10/11 16:43:33.789866, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html = 0 [2011/10/11 16:43:33.789912, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html [2011/10/11 16:43:33.789960, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-04-08.html (numopen=203) NT_STATUS_OK [2011/10/11 16:43:33.790020, 5] smbd/files.c:464(file_free) freed files structure 18021 (314 used) [2011/10/11 16:43:33.790067, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.790092, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53256 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.790308, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.790550, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.790600, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.790643, 3] smbd/process.c:1661(process_smb) Transaction 7813 of length 45 (0 toread) [2011/10/11 16:43:33.790685, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.790710, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53320 smt_wct=3 smb_vwv[ 0]=18022 (0x4666) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.790974, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.791001, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.791046, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.791089, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.791539, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.791670, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.791732, 3] smbd/reply.c:4850(reply_close) close fd=76 fnum=18022 (numopen=203) [2011/10/11 16:43:33.791775, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.791835, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html, file_id = 801:2111de:0 gen_id = 583 has kernel oplock state of 1. 
[2011/10/11 16:43:33.791895, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000DE11 [2011/10/11 16:43:33.791944, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.791986, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.792050, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x679d, type= 0x3, gen_id = 583, uid = 0, flags = 0, file_id 801:2111de:0, name_hash = 0x4d36e2a7 [2011/10/11 16:43:33.792117, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4d36e2a7 [2011/10/11 16:43:33.792163, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000DE11 [2011/10/11 16:43:33.792218, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html = 0 [2011/10/11 16:43:33.792264, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html [2011/10/11 16:43:33.792311, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-03-29.html (numopen=202) NT_STATUS_OK [2011/10/11 16:43:33.792357, 5] smbd/files.c:464(file_free) freed files structure 18022 (313 used) [2011/10/11 16:43:33.792404, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.792429, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=53320 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.792644, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.792894, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.792944, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.792986, 3] smbd/process.c:1661(process_smb) Transaction 7814 of length 45 (0 toread) [2011/10/11 16:43:33.793028, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.793053, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53384 smt_wct=3 smb_vwv[ 0]=18023 (0x4667) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.793315, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.793341, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.793408, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.793453, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.793903, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.794033, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.794092, 3] smbd/reply.c:4850(reply_close) close fd=77 fnum=18023 (numopen=202) [2011/10/11 16:43:33.794136, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.794213, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html, file_id = 801:2111b6:0 gen_id = 584 has kernel oplock state of 1. [2011/10/11 16:43:33.794274, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B611 [2011/10/11 16:43:33.794322, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.794364, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.794429, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x67d9, type= 0x3, gen_id = 584, uid = 0, flags = 0, file_id 801:2111b6:0, name_hash = 0x4ac36d89 [2011/10/11 16:43:33.794479, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4ac36d89 [2011/10/11 16:43:33.794524, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B611 [2011/10/11 16:43:33.794578, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html = 0 [2011/10/11 16:43:33.794625, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html [2011/10/11 16:43:33.794672, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/Profiles/epr4e07f.default/bookmarkbackups/bookmarks-2006-06-09.html (numopen=201) NT_STATUS_OK [2011/10/11 16:43:33.794718, 5] smbd/files.c:464(file_free) freed files structure 18023 (312 used) [2011/10/11 16:43:33.794766, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.794791, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53384 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.795006, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.795218, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.795270, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.795312, 3] smbd/process.c:1661(process_smb) Transaction 7815 of length 45 (0 toread) [2011/10/11 16:43:33.795354, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.795379, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53448 smt_wct=3 smb_vwv[ 0]=18024 (0x4668) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.795641, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.795669, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.795714, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.795758, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.796223, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.796354, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.796414, 3] smbd/reply.c:4850(reply_close) close fd=78 fnum=18024 (numopen=201) [2011/10/11 16:43:33.796456, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.796516, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini, file_id = 801:105b67:0 gen_id = 585 has kernel oplock state of 1. 
[2011/10/11 16:43:33.796576, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000675B [2011/10/11 16:43:33.796624, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.796666, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.796730, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6827, type= 0x3, gen_id = 585, uid = 0, flags = 0, file_id 801:105b67:0, name_hash = 0x734a97d6 [2011/10/11 16:43:33.796780, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x734a97d6 [2011/10/11 16:43:33.796825, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000675B [2011/10/11 16:43:33.796880, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini = 0 [2011/10/11 16:43:33.796925, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini [2011/10/11 16:43:33.796972, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Firefox/profiles.ini (numopen=200) NT_STATUS_OK [2011/10/11 16:43:33.797017, 5] smbd/files.c:464(file_free) freed files structure 18024 (311 used) [2011/10/11 16:43:33.797064, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.797089, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53448 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.797303, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.797555, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.797607, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.797650, 3] smbd/process.c:1661(process_smb) Transaction 7816 of length 45 (0 toread) [2011/10/11 16:43:33.797691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.797716, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53512 smt_wct=3 smb_vwv[ 0]=18025 (0x4669) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.797978, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.798005, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.798071, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.798115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.798561, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:33.798690, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.798753, 3] smbd/reply.c:4850(reply_close) close fd=79 fnum=18025 (numopen=200) [2011/10/11 16:43:33.798797, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.798857, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat, file_id = 801:ec78a:0 gen_id = 586 has kernel oplock state of 1. [2011/10/11 16:43:33.798918, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008AC7 [2011/10/11 16:43:33.798967, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.799009, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.799073, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6857, type= 0x3, gen_id = 586, uid = 0, flags = 0, file_id 801:ec78a:0, name_hash = 0x9262f61f [2011/10/11 16:43:33.799124, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9262f61f [2011/10/11 16:43:33.799170, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008AC7 [2011/10/11 16:43:33.799225, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat = 0 [2011/10/11 16:43:33.799270, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat [2011/10/11 16:43:33.799318, 2] smbd/close.c:691(close_normal_file) ando 
closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/pluginreg.dat (numopen=199) NT_STATUS_OK [2011/10/11 16:43:33.799364, 5] smbd/files.c:464(file_free) freed files structure 18025 (310 used) [2011/10/11 16:43:33.799411, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.799437, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53512 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.799653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.800056, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 112 [2011/10/11 16:43:33.800121, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x70 [2011/10/11 16:43:33.800164, 3] smbd/process.c:1661(process_smb) Transaction 7817 of length 116 (0 toread) [2011/10/11 16:43:33.800206, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.800231, 5] lib/util.c:341(show_msg) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53576 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [2011/10/11 16:43:33.800683, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 61 00 6E 00 64 ........ .\.a.n.d [0010] 00 6F 00 5C 00 24 00 52 00 45 00 43 00 59 00 43 .o.\.$.R .E.C.Y.C [0020] 00 4C 00 45 00 2E 00 42 00 49 00 4E 00 00 00 .L.E...B .I.N... 
[2011/10/11 16:43:33.800813, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0c829c0 [2011/10/11 16:43:33.800858, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.800901, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.801367, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.801518, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.801562, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop [2011/10/11 16:43:33.801613, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:33.801661, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/$RECYCLE.BIN" [2011/10/11 16:43:33.801708, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/$RECYCLE.BIN] -> [ando/$RECYCLE.BIN] [2011/10/11 16:43:33.801757, 5] 
smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/$RECYCLE.BIN, dirpath = , start = ando/$RECYCLE.BIN [2011/10/11 16:43:33.801806, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/$RECYCLE.BIN, dirpath = ando, start = $RECYCLE.BIN [2011/10/11 16:43:33.801847, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.801889, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.801933, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.801973, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.802086, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.802132, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.802173, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.802218, 3] smbd/trans2.c:5227(call_trans2qfilepathinfo) call_trans2qfilepathinfo: SMB_VFS_STAT of ando/$RECYCLE.BIN failed (No such file or directory) [2011/10/11 16:43:33.802272, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(5229) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:33.802317, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.802342, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53576 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.802556, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.802631, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.802680, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.802722, 3] smbd/process.c:1661(process_smb) Transaction 7818 of length 45 (0 toread) 
[2011/10/11 16:43:33.802763, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.802788, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53636 smt_wct=3 smb_vwv[ 0]=18026 (0x466A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.803080, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.803107, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.803153, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.803197, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.803644, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.803774, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.803818, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.803874, 3] 
smbd/reply.c:4850(reply_close) close fd=80 fnum=18026 (numopen=199) [2011/10/11 16:43:33.803917, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.803981, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db, file_id = 801:1f51cc:0 gen_id = 587 has kernel oplock state of 1. [2011/10/11 16:43:33.804044, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CC51 [2011/10/11 16:43:33.804095, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.804156, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.804222, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x68a6, type= 0x3, gen_id = 587, uid = 0, flags = 0, file_id 801:1f51cc:0, name_hash = 0x54e7b123 [2011/10/11 16:43:33.804274, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x54e7b123 [2011/10/11 16:43:33.804320, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CC51 [2011/10/11 16:43:33.804375, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db = 0 [2011/10/11 16:43:33.804421, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db [2011/10/11 16:43:33.804469, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application 
Data/Mozilla/Sunbird/Profiles/0caugocx.default/cert8.db (numopen=198) NT_STATUS_OK [2011/10/11 16:43:33.804515, 5] smbd/files.c:464(file_free) freed files structure 18026 (309 used) [2011/10/11 16:43:33.804562, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.804588, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53636 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.804802, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.804876, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 122 [2011/10/11 16:43:33.804924, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x7a [2011/10/11 16:43:33.804966, 3] smbd/process.c:1661(process_smb) Transaction 7819 of length 126 (0 toread) [2011/10/11 16:43:33.805034, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.805061, 5] lib/util.c:341(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53704 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=39 [2011/10/11 16:43:33.805681, 10] ../lib/util/util.c:415(dump_data) [0000] DB 5C 00 61 00 6E 00 64 00 6F 00 5C 00 24 00 52 .\.a.n.d .o.\.$.R [0010] 00 45 00 43 00 59 00 43 00 4C 00 45 00 2E 00 42 .E.C.Y.C .L.E...B [0020] 00 49 00 4E 00 00 00 .I.N... 
[2011/10/11 16:43:33.805804, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0c829c0 [2011/10/11 16:43:33.805849, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.805892, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.806360, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.806489, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.806533, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop [2011/10/11 16:43:33.806583, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 root_dir_fid = 0x0, fname = ando/$RECYCLE.BIN [2011/10/11 16:43:33.806629, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/$RECYCLE.BIN" [2011/10/11 16:43:33.806673, 10] 
smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/$RECYCLE.BIN] [2011/10/11 16:43:33.806716, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:33.806762, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/$RECYCLE.BIN, dirpath = ando, start = $RECYCLE.BIN [2011/10/11 16:43:33.806809, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/$RECYCLE.BIN, dirpath = ando, start = $RECYCLE.BIN [2011/10/11 16:43:33.806851, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.806892, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.806936, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.806976, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.807065, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.807109, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? 
[2011/10/11 16:43:33.807150, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.807193, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/$RECYCLE.BIN [2011/10/11 16:43:33.807243, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/$RECYCLE.BIN [2011/10/11 16:43:33.807290, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/$RECYCLE.BIN, access_mask = 0x100001, share_access = 0x3 create_options = 0x200001, create_disposition = 0x2, file_attributes = 0x90 [2011/10/11 16:43:33.807337, 5] smbd/open.c:2613(mkdir_internal) mkdir_internal: failing create on read-only share desktop7 [2011/10/11 16:43:33.807380, 2] smbd/open.c:2807(open_directory) open_directory: unable to create ando/$RECYCLE.BIN. 
Error was NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807423, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807480, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807524, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.807567, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.807591, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=8 smb_pid=3584 smb_uid=102 smb_mid=53704 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.807803, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.807879, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.807926, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.807968, 3] smbd/process.c:1661(process_smb) Transaction 7820 of length 45 (0 toread) [2011/10/11 16:43:33.808010, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.808035, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53764 smt_wct=3 smb_vwv[ 0]=18027 (0x466B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.808325, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.808352, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.808397, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.808440, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.808884, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.809014, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.809058, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.809114, 3] smbd/reply.c:4850(reply_close) close fd=81 fnum=18027 (numopen=198) [2011/10/11 16:43:33.809157, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.809221, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js, file_id = 801:1f51cb:0 gen_id = 588 has kernel oplock state of 1. 
[2011/10/11 16:43:33.809283, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CB51 [2011/10/11 16:43:33.809334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.809395, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.809462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x68c3, type= 0x3, gen_id = 588, uid = 0, flags = 0, file_id 801:1f51cb:0, name_hash = 0x7c2e0f2a [2011/10/11 16:43:33.809532, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7c2e0f2a [2011/10/11 16:43:33.809578, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CB51 [2011/10/11 16:43:33.809633, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js = 0 [2011/10/11 16:43:33.809678, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js [2011/10/11 16:43:33.809726, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/prefs.js (numopen=197) NT_STATUS_OK [2011/10/11 16:43:33.809772, 5] smbd/files.c:464(file_free) freed files structure 18027 (308 used) [2011/10/11 16:43:33.809821, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.809845, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53764 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.810059, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:33.810135, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 102 [2011/10/11 16:43:33.810182, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x66 [2011/10/11 16:43:33.810223, 3] smbd/process.c:1661(process_smb) Transaction 7821 of length 106 (0 toread) [2011/10/11 16:43:33.810294, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.810319, 5] lib/util.c:341(show_msg) size=102 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53832 smt_wct=15 smb_vwv[ 0]= 34 (0x22) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 34 (0x22) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=37 [2011/10/11 16:43:33.810771, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 24 00 52 00 45 ........ .\.$.R.E [0010] 00 43 00 59 00 43 00 4C 00 45 00 2E 00 42 00 49 .C.Y.C.L .E...B.I [0020] 00 4E 00 00 00 .N... 
[2011/10/11 16:43:33.810893, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0c7f270 [2011/10/11 16:43:33.810938, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.810981, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.811440, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.811570, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.811614, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop/ando [2011/10/11 16:43:33.811662, 3] smbd/trans2.c:5115(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/10/11 16:43:33.811708, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "$RECYCLE.BIN" [2011/10/11 16:43:33.811753, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [$RECYCLE.BIN] [2011/10/11 16:43:33.811797, 5] smbd/filename.c:416(unix_convert) unix_convert 
begin: name = $RECYCLE.BIN, dirpath = , start = $RECYCLE.BIN [2011/10/11 16:43:33.811843, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.811884, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.811928, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.811969, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.812056, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.812100, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.812142, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.812186, 3] smbd/trans2.c:5227(call_trans2qfilepathinfo) call_trans2qfilepathinfo: SMB_VFS_STAT of $RECYCLE.BIN failed (No such file or directory) [2011/10/11 16:43:33.812239, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(5229) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/10/11 16:43:33.812284, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.812308, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53832 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.812523, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.812593, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.812640, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.812682, 3] smbd/process.c:1661(process_smb) Transaction 7822 of length 45 (0 toread) [2011/10/11 16:43:33.812724, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.812749, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=53892 smt_wct=3 smb_vwv[ 0]=18028 (0x466C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.813038, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.813065, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.813110, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.813154, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.813642, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.813772, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.813815, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.813873, 3] smbd/reply.c:4850(reply_close) close fd=82 fnum=18028 (numopen=197) [2011/10/11 16:43:33.813916, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.813980, 10] 
smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db, file_id = 801:1f51ca:0 gen_id = 589 has kernel oplock state of 1. [2011/10/11 16:43:33.814042, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CA51 [2011/10/11 16:43:33.814093, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.814135, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.814201, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6ac4, type= 0x3, gen_id = 589, uid = 0, flags = 0, file_id 801:1f51ca:0, name_hash = 0xac7eb75c [2011/10/11 16:43:33.814252, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xac7eb75c [2011/10/11 16:43:33.814297, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CA51 [2011/10/11 16:43:33.814352, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db = 0 [2011/10/11 16:43:33.814398, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db [2011/10/11 16:43:33.814446, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/key3.db (numopen=196) NT_STATUS_OK [2011/10/11 16:43:33.814491, 5] smbd/files.c:464(file_free) freed files structure 18028 (307 used) [2011/10/11 16:43:33.814538, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.814563, 5] 
lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=53892 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.814777, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.814853, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 112 [2011/10/11 16:43:33.814901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x70 [2011/10/11 16:43:33.814943, 3] smbd/process.c:1661(process_smb) Transaction 7823 of length 116 (0 toread) [2011/10/11 16:43:33.815016, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.815042, 5] lib/util.c:341(show_msg) size=112 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53960 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6656 (0x1A00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 512 (0x200) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=29 [2011/10/11 16:43:33.815657, 10] ../lib/util/util.c:415(dump_data) [0000] F1 5C 00 24 00 52 00 45 00 43 00 59 00 43 00 4C .\.$.R.E .C.Y.C.L [0010] 00 45 00 2E 00 42 00 49 00 4E 00 00 00 .E...B.I .N... 
[2011/10/11 16:43:33.815751, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0c7f270 [2011/10/11 16:43:33.815797, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.815840, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.816287, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.816417, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.816461, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/desktop/ando [2011/10/11 16:43:33.816511, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 root_dir_fid = 0x0, fname = $RECYCLE.BIN [2011/10/11 16:43:33.816558, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "$RECYCLE.BIN" [2011/10/11 16:43:33.816602, 10] smbd/statcache.c:241(stat_cache_lookup) 
stat_cache_lookup: lookup failed for name [$RECYCLE.BIN] [2011/10/11 16:43:33.816646, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = $RECYCLE.BIN, dirpath = , start = $RECYCLE.BIN [2011/10/11 16:43:33.816692, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.816732, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.816777, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.816817, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.816902, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $RECYCLE.BIN ? [2011/10/11 16:43:33.816947, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $RECYCLE.BIN (len 12) ? [2011/10/11 16:43:33.816988, 5] smbd/filename.c:781(unix_convert) New file $RECYCLE.BIN [2011/10/11 16:43:33.817031, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = $RECYCLE.BIN [2011/10/11 16:43:33.817096, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x200001 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = $RECYCLE.BIN [2011/10/11 16:43:33.817144, 5] smbd/open.c:2756(open_directory) open_directory: opening directory $RECYCLE.BIN, access_mask = 0x100001, share_access = 0x3 create_options = 0x200001, create_disposition = 0x2, file_attributes = 0x90 [2011/10/11 16:43:33.817190, 5] smbd/open.c:2613(mkdir_internal) mkdir_internal: failing create on read-only share desktop [2011/10/11 16:43:33.817234, 2] smbd/open.c:2807(open_directory) 
open_directory: unable to create $RECYCLE.BIN. Error was NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817277, 10] smbd/open.c:3584(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817318, 10] smbd/open.c:3864(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817362, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2011/10/11 16:43:33.817438, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.817464, 5] lib/util.c:341(show_msg) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=5 smb_pid=3584 smb_uid=102 smb_mid=53960 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.817677, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.817752, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.817799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.817841, 3] smbd/process.c:1661(process_smb) Transaction 7824 of length 45 (0 toread) [2011/10/11 16:43:33.817883, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.817907, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54020 smt_wct=3 smb_vwv[ 0]=18029 (0x466D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.818170, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.818225, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.818272, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.818316, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 
SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.818765, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.818894, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.818938, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.819014, 3] smbd/reply.c:4850(reply_close) close fd=83 fnum=18029 (numopen=196) [2011/10/11 16:43:33.819058, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.819121, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf, file_id = 801:1f51c9:0 gen_id = 590 has kernel oplock state of 1. 
[2011/10/11 16:43:33.819184, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C951 [2011/10/11 16:43:33.819240, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.819282, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.819348, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x779d, type= 0x3, gen_id = 590, uid = 0, flags = 0, file_id 801:1f51c9:0, name_hash = 0x95a0e0de [2011/10/11 16:43:33.819401, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x95a0e0de [2011/10/11 16:43:33.819449, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C951 [2011/10/11 16:43:33.819504, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf = 0 [2011/10/11 16:43:33.819550, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf [2011/10/11 16:43:33.819598, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/localstore.rdf (numopen=195) NT_STATUS_OK [2011/10/11 16:43:33.819644, 5] smbd/files.c:464(file_free) freed files structure 18029 (306 used) [2011/10/11 16:43:33.819690, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.819715, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54020 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.819929, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.820002, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 130 [2011/10/11 16:43:33.820049, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x82 [2011/10/11 16:43:33.820091, 3] smbd/process.c:1661(process_smb) Transaction 7825 of length 134 (0 toread) [2011/10/11 16:43:33.820160, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.820186, 5] lib/util.c:341(show_msg) size=130 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=54088 smt_wct=15 smb_vwv[ 0]= 62 (0x3E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 62 (0x3E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=65 [2011/10/11 16:43:33.820640, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 24 00 52 00 45 .a.n.d.o .\.$.R.E [0020] 00 43 00 59 00 43 00 4C 00 45 00 2E 00 42 00 49 .C.Y.C.L .E...B.I [0030] 00 4E 00 5C 00 24 00 52 00 3C 00 22 00 2A 00 00 .N.\.$.R .<.".*.. [0040] 00 . 
[2011/10/11 16:43:33.820826, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:33.820887, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.820930, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.821372, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.821522, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.821565, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:33.821618, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:33.821669, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/$RECYCLE.BIN/$R<"*" [2011/10/11 16:43:33.821714, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name 
[ANDO/$RECYCLE.BIN/$R<"*] [2011/10/11 16:43:33.821757, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/$RECYCLE.BIN] [2011/10/11 16:43:33.821800, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO] -> [ando] [2011/10/11 16:43:33.821846, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/$RECYCLE.BIN/$R<"*, dirpath = ando, start = $RECYCLE.BIN/$R<"* [2011/10/11 16:43:33.821895, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/$RECYCLE.BIN/$R<"*, dirpath = ando/$RECYCLE.BIN, start = $R<"* [2011/10/11 16:43:33.821937, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled $R<"* ? [2011/10/11 16:43:33.821978, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component $R<"* (len 5) ? [2011/10/11 16:43:33.822021, 5] smbd/filename.c:609(unix_convert) Wildcard $R<"* [2011/10/11 16:43:33.822063, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/$RECYCLE.BIN, mask = $R<"* [2011/10/11 16:43:33.822109, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/$RECYCLE.BIN [2011/10/11 16:43:33.822164, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/$RECYCLE.BIN, expect_close = 1 [2011/10/11 16:43:33.822206, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = $R<"*, attr = 22 [2011/10/11 16:43:33.822248, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:33.822296, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset 0 [2011/10/11 16:43:33.822346, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset 2147483648 [2011/10/11 16:43:33.822412, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset 4096 [2011/10/11 16:43:33.822457, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0a0a9d0 now at offset -1 
[2011/10/11 16:43:33.822528, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:33.822570, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:33.822646, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(2527) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE [2011/10/11 16:43:33.822693, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.822719, 5] lib/util.c:341(show_msg) size=35 smb_com=0x32 smb_rcls=15 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=54088 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.822931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.823010, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.823058, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.823100, 3] smbd/process.c:1661(process_smb) Transaction 7826 of length 45 (0 toread) [2011/10/11 16:43:33.823142, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.823166, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54148 smt_wct=3 smb_vwv[ 0]=18030 (0x466E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.823427, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.823454, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.823499, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.823543, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.823989, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.824119, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.824162, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:33.824217, 3] smbd/reply.c:4850(reply_close) close fd=84 fnum=18030 (numopen=195) [2011/10/11 16:43:33.824260, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.824324, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini, file_id = 801:1f51c8:0 gen_id = 591 has kernel oplock state of 1. 
[2011/10/11 16:43:33.824387, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C851 [2011/10/11 16:43:33.824438, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.824480, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.824563, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x77d9, type= 0x3, gen_id = 591, uid = 0, flags = 0, file_id 801:1f51c8:0, name_hash = 0x938e2ddd [2011/10/11 16:43:33.824615, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x938e2ddd [2011/10/11 16:43:33.824661, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C851 [2011/10/11 16:43:33.824716, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini = 0 [2011/10/11 16:43:33.824762, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini [2011/10/11 16:43:33.824810, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compatibility.ini (numopen=194) NT_STATUS_OK [2011/10/11 16:43:33.824856, 5] smbd/files.c:464(file_free) freed files structure 18030 (305 used) [2011/10/11 16:43:33.824903, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.824928, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54148 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.825142, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.825368, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.825444, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.825487, 3] smbd/process.c:1661(process_smb) Transaction 7827 of length 45 (0 toread) [2011/10/11 16:43:33.825528, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.825553, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54212 smt_wct=3 smb_vwv[ 0]=18031 (0x466F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.825815, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.825843, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.825889, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.825933, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.826381, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.826512, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.826593, 3] smbd/reply.c:4850(reply_close) close fd=85 fnum=18031 (numopen=194) [2011/10/11 16:43:33.826637, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.826700, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db, file_id = 801:1f51c7:0 gen_id = 592 has kernel oplock state of 1. [2011/10/11 16:43:33.826761, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C751 [2011/10/11 16:43:33.826811, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.826854, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.826918, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7827, type= 0x3, gen_id = 592, uid = 0, flags = 0, file_id 801:1f51c7:0, name_hash = 0x29b4375e [2011/10/11 16:43:33.826969, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x29b4375e [2011/10/11 16:43:33.827014, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C751 [2011/10/11 16:43:33.827069, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db = 0 [2011/10/11 16:43:33.827115, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db [2011/10/11 16:43:33.827162, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/secmod.db (numopen=193) NT_STATUS_OK [2011/10/11 16:43:33.827207, 5] smbd/files.c:464(file_free) freed files structure 18031 (304 used) [2011/10/11 16:43:33.827254, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.827279, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54212 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.827493, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.827739, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.827789, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.827831, 3] smbd/process.c:1661(process_smb) Transaction 7828 of length 45 (0 toread) [2011/10/11 16:43:33.827873, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.827898, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54276 smt_wct=3 smb_vwv[ 0]=18032 (0x4670) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.828158, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.828185, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.828230, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.828273, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.828736, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.828865, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.828924, 3] smbd/reply.c:4850(reply_close) close fd=86 fnum=18032 (numopen=193) [2011/10/11 16:43:33.828967, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.829027, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf, file_id = 801:1f51c6:0 gen_id = 593 has kernel oplock state of 1. 
[2011/10/11 16:43:33.829087, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C651 [2011/10/11 16:43:33.829136, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.829178, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.829242, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7857, type= 0x3, gen_id = 593, uid = 0, flags = 0, file_id 801:1f51c6:0, name_hash = 0x8c0bff22 [2011/10/11 16:43:33.829292, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8c0bff22 [2011/10/11 16:43:33.829337, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C651 [2011/10/11 16:43:33.829413, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf = 0 [2011/10/11 16:43:33.829459, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf [2011/10/11 16:43:33.829506, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.rdf (numopen=192) NT_STATUS_OK [2011/10/11 16:43:33.829551, 5] smbd/files.c:464(file_free) freed files structure 18032 (303 used) [2011/10/11 16:43:33.829597, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.829623, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54276 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.829837, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.830078, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.830127, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.830169, 3] smbd/process.c:1661(process_smb) Transaction 7829 of length 45 (0 toread) [2011/10/11 16:43:33.830211, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.830236, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54340 smt_wct=3 smb_vwv[ 0]=18033 (0x4671) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.830515, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.830543, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.830588, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.830631, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.831076, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.831205, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.831264, 3] smbd/reply.c:4850(reply_close) close fd=87 fnum=18033 (numopen=192) [2011/10/11 16:43:33.831307, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.831366, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf, file_id = 801:1f51c5:0 gen_id = 594 has kernel oplock state of 1. [2011/10/11 16:43:33.831426, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C551 [2011/10/11 16:43:33.831474, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.831516, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.831580, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7883, type= 0x3, gen_id = 594, uid = 0, flags = 0, file_id 801:1f51c5:0, name_hash = 0x93b485d6 [2011/10/11 16:43:33.831630, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x93b485d6 [2011/10/11 16:43:33.831678, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C551 [2011/10/11 16:43:33.831733, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf = 0 [2011/10/11 16:43:33.831778, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf [2011/10/11 16:43:33.831825, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/mimeTypes.rdf (numopen=191) NT_STATUS_OK [2011/10/11 16:43:33.831871, 5] smbd/files.c:464(file_free) freed files structure 18033 (302 used) [2011/10/11 16:43:33.831918, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.831943, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54340 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.832174, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.832408, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.832458, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.832500, 3] smbd/process.c:1661(process_smb) Transaction 7830 of length 45 (0 toread) [2011/10/11 16:43:33.832542, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.832567, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54404 smt_wct=3 smb_vwv[ 0]=18034 (0x4672) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.832828, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.832855, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.832900, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.832943, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 
4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.833413, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.833544, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.833602, 3] smbd/reply.c:4850(reply_close) close fd=88 fnum=18034 (numopen=191) [2011/10/11 16:43:33.833645, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.833704, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb, file_id = 801:1f51c4:0 gen_id = 595 has kernel oplock state of 1. 
[2011/10/11 16:43:33.833765, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C451 [2011/10/11 16:43:33.833814, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.833856, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.833920, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x78d8, type= 0x3, gen_id = 595, uid = 0, flags = 0, file_id 801:1f51c4:0, name_hash = 0x2b57a54c [2011/10/11 16:43:33.833970, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2b57a54c [2011/10/11 16:43:33.834015, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C451 [2011/10/11 16:43:33.834069, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb = 0 [2011/10/11 16:43:33.834133, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb [2011/10/11 16:43:33.834180, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/storage.sdb (numopen=190) NT_STATUS_OK [2011/10/11 16:43:33.834226, 5] smbd/files.c:464(file_free) freed files structure 18034 (301 used) [2011/10/11 16:43:33.834270, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.834296, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54404 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.834510, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.834739, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.834789, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.834831, 3] smbd/process.c:1661(process_smb) Transaction 7831 of length 45 (0 toread) [2011/10/11 16:43:33.834872, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.834897, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54468 smt_wct=3 smb_vwv[ 0]=18035 (0x4673) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.835158, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.835185, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.835231, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.835274, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.835721, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.835850, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.835909, 3] smbd/reply.c:4850(reply_close) close fd=89 fnum=18035 (numopen=190) [2011/10/11 16:43:33.835952, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.836011, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache, file_id = 801:1f51c3:0 gen_id = 596 has kernel oplock state of 1. [2011/10/11 16:43:33.836071, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C351 [2011/10/11 16:43:33.836120, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.836178, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.836243, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7ac4, type= 0x3, gen_id = 596, uid = 0, flags = 0, file_id 801:1f51c3:0, name_hash = 0x5bc606c4 [2011/10/11 16:43:33.836293, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5bc606c4 [2011/10/11 16:43:33.836338, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C351 [2011/10/11 16:43:33.836392, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache = 0 [2011/10/11 16:43:33.836438, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache [2011/10/11 16:43:33.836485, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.cache (numopen=189) NT_STATUS_OK [2011/10/11 16:43:33.836531, 5] smbd/files.c:464(file_free) freed files structure 18035 (300 used) [2011/10/11 16:43:33.836577, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.836603, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54468 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.836817, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.837064, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.837113, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.837155, 3] smbd/process.c:1661(process_smb) Transaction 7832 of length 45 (0 toread) [2011/10/11 16:43:33.837196, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.837221, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54532 smt_wct=3 smb_vwv[ 0]=18036 (0x4674) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.837504, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.837532, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.837576, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.837620, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 
SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.838066, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.838213, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.838271, 3] smbd/reply.c:4850(reply_close) close fd=90 fnum=18036 (numopen=189) [2011/10/11 16:43:33.838314, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.838373, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat, file_id = 801:1f51c2:0 gen_id = 597 has kernel oplock state of 1. 
[2011/10/11 16:43:33.838433, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C251 [2011/10/11 16:43:33.838482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.838523, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.838588, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x875d, type= 0x3, gen_id = 597, uid = 0, flags = 0, file_id 801:1f51c2:0, name_hash = 0xcddf5a62 [2011/10/11 16:43:33.838637, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcddf5a62 [2011/10/11 16:43:33.838682, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C251 [2011/10/11 16:43:33.838736, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat = 0 [2011/10/11 16:43:33.838782, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat [2011/10/11 16:43:33.838829, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/compreg.dat (numopen=188) NT_STATUS_OK [2011/10/11 16:43:33.838873, 5] smbd/files.c:464(file_free) freed files structure 18036 (299 used) [2011/10/11 16:43:33.838921, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.838946, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54532 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.839160, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.839415, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.839465, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.839507, 3] smbd/process.c:1661(process_smb) Transaction 7833 of length 45 (0 toread) [2011/10/11 16:43:33.839548, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.839572, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54596 smt_wct=3 smb_vwv[ 0]=18037 (0x4675) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.839833, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.839859, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.839904, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.839948, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.840409, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.840537, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.840595, 3] smbd/reply.c:4850(reply_close) close fd=91 fnum=18037 (numopen=188) [2011/10/11 16:43:33.840638, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.840698, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat, file_id = 801:1f51b8:0 gen_id = 598 has kernel oplock state of 1. [2011/10/11 16:43:33.840758, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B851 [2011/10/11 16:43:33.840806, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.840848, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.840912, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8799, type= 0x3, gen_id = 598, uid = 0, flags = 0, file_id 801:1f51b8:0, name_hash = 0xa444ef7e [2011/10/11 16:43:33.840961, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa444ef7e [2011/10/11 16:43:33.841006, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B851 [2011/10/11 16:43:33.841060, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat = 0 [2011/10/11 16:43:33.841105, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat [2011/10/11 16:43:33.841152, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/xpti.dat (numopen=187) NT_STATUS_OK [2011/10/11 16:43:33.841198, 5] smbd/files.c:464(file_free) freed files structure 18037 (298 used) [2011/10/11 16:43:33.841244, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.841269, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54596 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.841504, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.841812, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.841862, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.841904, 3] smbd/process.c:1661(process_smb) Transaction 7834 of length 45 (0 toread) [2011/10/11 16:43:33.841945, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.841970, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54660 smt_wct=3 smb_vwv[ 0]=18038 (0x4676) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.842250, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.842277, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.842322, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.842366, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.842813, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.842942, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.843000, 3] smbd/reply.c:4850(reply_close) close fd=92 fnum=18038 (numopen=187) [2011/10/11 16:43:33.843044, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.843103, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini, file_id = 801:1f51b7:0 gen_id = 599 has kernel oplock state of 1. 
[2011/10/11 16:43:33.843163, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B751 [2011/10/11 16:43:33.843212, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.843254, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.843318, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x87e7, type= 0x3, gen_id = 599, uid = 0, flags = 0, file_id 801:1f51b7:0, name_hash = 0x29899bf4 [2011/10/11 16:43:33.843368, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x29899bf4 [2011/10/11 16:43:33.843413, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B751 [2011/10/11 16:43:33.843468, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini = 0 [2011/10/11 16:43:33.843513, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini [2011/10/11 16:43:33.843561, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/extensions.ini (numopen=186) NT_STATUS_OK [2011/10/11 16:43:33.843606, 5] smbd/files.c:464(file_free) freed files structure 18038 (297 used) [2011/10/11 16:43:33.843654, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.843694, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54660 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.843911, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.844181, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.844229, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.844272, 3] smbd/process.c:1661(process_smb) Transaction 7835 of length 45 (0 toread) [2011/10/11 16:43:33.844313, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.844338, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54724 smt_wct=3 smb_vwv[ 0]=18039 (0x4677) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.844601, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.844628, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.844673, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.844716, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.845164, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.845294, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.845349, 3] smbd/reply.c:4850(reply_close) close fd=93 fnum=18039 (numopen=186) [2011/10/11 16:43:33.845414, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.845474, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf, file_id = 801:f8caa:0 gen_id = 600 has kernel oplock state of 1. [2011/10/11 16:43:33.845534, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA8C [2011/10/11 16:43:33.845587, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.845629, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.845693, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8817, type= 0x3, gen_id = 600, uid = 0, flags = 0, file_id 801:f8caa:0, name_hash = 0x942d1736 [2011/10/11 16:43:33.845743, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x942d1736 [2011/10/11 16:43:33.845791, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA8C [2011/10/11 16:43:33.845873, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf = 0 [2011/10/11 16:43:33.845919, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf [2011/10/11 16:43:33.845967, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/US/mimeTypes.rdf (numopen=185) NT_STATUS_OK [2011/10/11 16:43:33.846012, 5] smbd/files.c:464(file_free) freed files structure 18039 (296 used) [2011/10/11 16:43:33.846059, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.846084, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54724 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.846299, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.846576, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.846628, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.846670, 3] smbd/process.c:1661(process_smb) Transaction 7836 of length 45 (0 toread) [2011/10/11 16:43:33.846712, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.846737, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54788 smt_wct=3 smb_vwv[ 0]=18040 (0x4678) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.846999, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.847026, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.847071, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.847115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 
SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.847563, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.847693, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.847753, 3] smbd/reply.c:4850(reply_close) close fd=94 fnum=18040 (numopen=185) [2011/10/11 16:43:33.847797, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.847856, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat, file_id = 801:1f5145:0 gen_id = 601 has kernel oplock state of 1. 
[2011/10/11 16:43:33.847917, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004551 [2011/10/11 16:43:33.847984, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.848026, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.848091, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8843, type= 0x3, gen_id = 601, uid = 0, flags = 0, file_id 801:1f5145:0, name_hash = 0xa8a02123 [2011/10/11 16:43:33.848141, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa8a02123 [2011/10/11 16:43:33.848186, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004551 [2011/10/11 16:43:33.848241, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat = 0 [2011/10/11 16:43:33.848286, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat [2011/10/11 16:43:33.848333, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/Profiles/0caugocx.default/history.dat (numopen=184) NT_STATUS_OK [2011/10/11 16:43:33.848378, 5] smbd/files.c:464(file_free) freed files structure 18040 (295 used) [2011/10/11 16:43:33.848424, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.848450, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54788 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.848664, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.848937, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.848986, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.849028, 3] smbd/process.c:1661(process_smb) Transaction 7837 of length 45 (0 toread) [2011/10/11 16:43:33.849069, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.849094, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54852 smt_wct=3 smb_vwv[ 0]=18041 (0x4679) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.849354, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.849402, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.849448, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.849491, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.849935, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.850083, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.850142, 3] smbd/reply.c:4850(reply_close) close fd=95 fnum=18041 (numopen=184) [2011/10/11 16:43:33.850185, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.850244, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini, file_id = 801:ec771:0 gen_id = 602 has kernel oplock state of 1. [2011/10/11 16:43:33.850305, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000071C7 [2011/10/11 16:43:33.850354, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.850396, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.850460, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8898, type= 0x3, gen_id = 602, uid = 0, flags = 0, file_id 801:ec771:0, name_hash = 0x782947d7 [2011/10/11 16:43:33.850510, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x782947d7 [2011/10/11 16:43:33.850555, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000071C7 [2011/10/11 16:43:33.850609, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini = 0 [2011/10/11 16:43:33.850654, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini 
[2011/10/11 16:43:33.850701, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/Sunbird/profiles.ini (numopen=183) NT_STATUS_OK [2011/10/11 16:43:33.850746, 5] smbd/files.c:464(file_free) freed files structure 18041 (294 used) [2011/10/11 16:43:33.850796, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.850821, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54852 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.851037, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.851312, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.851363, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.851405, 3] smbd/process.c:1661(process_smb) Transaction 7838 of length 45 (0 toread) [2011/10/11 16:43:33.851447, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.851471, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54916 smt_wct=3 smb_vwv[ 0]=18042 (0x467A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.851734, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.851760, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.851806, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.851849, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.852313, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.852443, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.852501, 3] smbd/reply.c:4850(reply_close) close fd=96 fnum=18042 (numopen=183) [2011/10/11 16:43:33.852544, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.852604, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat, file_id = 801:245295:0 gen_id = 603 has kernel oplock state of 1. 
[2011/10/11 16:43:33.852664, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009552 [2011/10/11 16:43:33.852713, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d990 [2011/10/11 16:43:33.852755, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Apr 7 14:34:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.852819, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8a84, type= 0x3, gen_id = 603, uid = 0, flags = 0, file_id 801:245295:0, name_hash = 0x1cd20270 [2011/10/11 16:43:33.852868, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1cd20270 [2011/10/11 16:43:33.852914, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009552 [2011/10/11 16:43:33.852968, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat = 0 [2011/10/11 16:43:33.853013, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat [2011/10/11 16:43:33.853060, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/Mozilla/registry.dat (numopen=182) NT_STATUS_OK [2011/10/11 16:43:33.853105, 5] smbd/files.c:464(file_free) freed files structure 18042 (293 used) [2011/10/11 16:43:33.853150, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.853175, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54916 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.853412, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.853690, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got 
smb length of 41 [2011/10/11 16:43:33.853741, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.853783, 3] smbd/process.c:1661(process_smb) Transaction 7839 of length 45 (0 toread) [2011/10/11 16:43:33.853825, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.853850, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54980 smt_wct=3 smb_vwv[ 0]=18043 (0x467B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.854131, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.854158, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.854204, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.854247, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.854693, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.854822, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.854880, 3] smbd/reply.c:4850(reply_close) close fd=97 fnum=18043 (numopen=182) [2011/10/11 16:43:33.854923, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.854982, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/vlcrc, file_id = 801:229261:0 gen_id = 604 has kernel oplock state of 1. [2011/10/11 16:43:33.855042, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006192 [2011/10/11 16:43:33.855090, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d980 [2011/10/11 16:43:33.855132, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jun 29 15:07:16 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.855196, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x989b, type= 0x3, gen_id = 604, uid = 0, flags = 0, file_id 801:229261:0, name_hash = 0x8ecfc677 [2011/10/11 16:43:33.855245, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8ecfc677 [2011/10/11 16:43:33.855290, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006192 [2011/10/11 16:43:33.855345, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/vlcrc = 0 [2011/10/11 16:43:33.855389, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/vlcrc [2011/10/11 16:43:33.855435, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/vlc/vlcrc (numopen=181) NT_STATUS_OK [2011/10/11 
16:43:33.855479, 5] smbd/files.c:464(file_free) freed files structure 18043 (292 used) [2011/10/11 16:43:33.855526, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.855551, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=54980 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.855764, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.856036, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.856101, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.856143, 3] smbd/process.c:1661(process_smb) Transaction 7840 of length 45 (0 toread) [2011/10/11 16:43:33.856185, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.856209, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55044 smt_wct=3 smb_vwv[ 0]=18044 (0x467C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.856470, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.856496, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.856542, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.856585, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: 
SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.857029, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.857159, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.857215, 3] smbd/reply.c:4850(reply_close) close fd=98 fnum=18044 (numopen=181) [2011/10/11 16:43:33.857258, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.857316, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries, file_id = 801:22d551:0 gen_id = 605 has kernel oplock state of 1. 
[2011/10/11 16:43:33.857397, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000051D5 [2011/10/11 16:43:33.857446, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d990 [2011/10/11 16:43:33.857488, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.857552, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x98e7, type= 0x3, gen_id = 605, uid = 0, flags = 0, file_id 801:22d551:0, name_hash = 0x1a518c30 [2011/10/11 16:43:33.857602, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1a518c30 [2011/10/11 16:43:33.857647, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000051D5 [2011/10/11 16:43:33.857702, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries = 0 [2011/10/11 16:43:33.857746, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries [2011/10/11 16:43:33.857807, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/vlc/.svn/entries (numopen=180) NT_STATUS_OK [2011/10/11 16:43:33.857852, 5] smbd/files.c:464(file_free) freed files structure 18044 (291 used) [2011/10/11 16:43:33.857899, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.857924, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55044 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.858138, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.858413, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length 
of 41 [2011/10/11 16:43:33.858463, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.858506, 3] smbd/process.c:1661(process_smb) Transaction 7841 of length 45 (0 toread) [2011/10/11 16:43:33.858548, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.858573, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55108 smt_wct=3 smb_vwv[ 0]=18045 (0x467D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.858834, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.858861, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.858906, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.858950, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.859396, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.859525, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.859586, 3] smbd/reply.c:4850(reply_close) close fd=99 fnum=18045 (numopen=180) [2011/10/11 16:43:33.859629, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.859689, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base, file_id = 801:22d49c:0 gen_id = 606 has kernel oplock state of 1. [2011/10/11 16:43:33.859749, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009CD4 [2011/10/11 16:43:33.859797, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.859840, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jun 29 15:07:16 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.859904, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9928, type= 0x3, gen_id = 606, uid = 0, flags = 0, file_id 801:22d49c:0, name_hash = 0x633ff9c5 [2011/10/11 16:43:33.859971, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x633ff9c5 [2011/10/11 16:43:33.860016, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009CD4 [2011/10/11 16:43:33.860071, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base = 0 [2011/10/11 16:43:33.860116, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base [2011/10/11 16:43:33.860163, 2] smbd/close.c:691(close_normal_file) ando closed file 
ando.192.168.68.2.v2/Application Data/vlc/.svn/prop-base/vlcrc.svn-base (numopen=179) NT_STATUS_OK [2011/10/11 16:43:33.860207, 5] smbd/files.c:464(file_free) freed files structure 18045 (290 used) [2011/10/11 16:43:33.860251, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.860276, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55108 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.860489, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.860759, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.860809, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.860851, 3] smbd/process.c:1661(process_smb) Transaction 7842 of length 45 (0 toread) [2011/10/11 16:43:33.860892, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.860916, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55172 smt_wct=3 smb_vwv[ 0]=18046 (0x467E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.861175, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.861202, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.861246, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.861289, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 
12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.861753, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.861882, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.861939, 3] smbd/reply.c:4850(reply_close) close fd=100 fnum=18046 (numopen=179) [2011/10/11 16:43:33.861982, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.862040, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base, file_id = 801:22921c:0 gen_id = 607 has kernel oplock state of 1. 
[2011/10/11 16:43:33.862118, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000001C92 [2011/10/11 16:43:33.862167, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:33.862209, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jun 29 15:07:16 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.862274, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9957, type= 0x3, gen_id = 607, uid = 0, flags = 0, file_id 801:22921c:0, name_hash = 0x1b106cfb [2011/10/11 16:43:33.862323, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1b106cfb [2011/10/11 16:43:33.862368, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000001C92 [2011/10/11 16:43:33.862423, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base = 0 [2011/10/11 16:43:33.862468, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base [2011/10/11 16:43:33.862515, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/vlc/.svn/text-base/vlcrc.svn-base (numopen=178) NT_STATUS_OK [2011/10/11 16:43:33.862559, 5] smbd/files.c:464(file_free) freed files structure 18046 (289 used) [2011/10/11 16:43:33.862606, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.862631, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55172 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.862845, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.863118, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.863168, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.863211, 3] smbd/process.c:1661(process_smb) Transaction 7843 of length 45 (0 toread) [2011/10/11 16:43:33.863253, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.863277, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55236 smt_wct=3 smb_vwv[ 0]=18047 (0x467F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.863538, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.863565, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.863610, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.863653, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.864117, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:33.864246, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.864305, 3] smbd/reply.c:4850(reply_close) close fd=101 fnum=18047 (numopen=178) [2011/10/11 16:43:33.864349, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.864409, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db, file_id = 801:1f4fc7:0 gen_id = 608 has kernel oplock state of 1. [2011/10/11 16:43:33.864469, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C74F [2011/10/11 16:43:33.864516, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.864558, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.864622, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9983, type= 0x3, gen_id = 608, uid = 0, flags = 0, file_id 801:1f4fc7:0, name_hash = 0xc730b42c [2011/10/11 16:43:33.864671, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc730b42c [2011/10/11 16:43:33.864717, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C74F [2011/10/11 16:43:33.864770, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db = 0 [2011/10/11 16:43:33.864816, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db [2011/10/11 16:43:33.864863, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/uno_packages.db (numopen=177) NT_STATUS_OK [2011/10/11 16:43:33.864908, 5] smbd/files.c:464(file_free) freed files structure 18047 (288 used) [2011/10/11 16:43:33.864954, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.864979, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55236 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.865194, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.865465, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.865515, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.865557, 3] smbd/process.c:1661(process_smb) Transaction 7844 of length 45 (0 toread) [2011/10/11 16:43:33.865598, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.865623, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55300 smt_wct=3 smb_vwv[ 0]=18048 (0x4680) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.865883, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.865910, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.865955, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.865999, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.866464, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.866594, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.866652, 3] smbd/reply.c:4850(reply_close) close fd=102 fnum=18048 (numopen=177) [2011/10/11 16:43:33.866695, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.866755, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys, file_id = 801:1f4fc5:0 gen_id = 609 has kernel oplock state of 1. 
[2011/10/11 16:43:33.866816, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C54F [2011/10/11 16:43:33.866865, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.866907, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:20 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.866972, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x99d8, type= 0x3, gen_id = 609, uid = 0, flags = 0, file_id 801:1f4fc5:0, name_hash = 0x5101bea7 [2011/10/11 16:43:33.867021, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5101bea7 [2011/10/11 16:43:33.867067, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C54F [2011/10/11 16:43:33.867121, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys = 0 [2011/10/11 16:43:33.867167, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys [2011/10/11 16:43:33.867214, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/stamp.sys (numopen=176) NT_STATUS_OK [2011/10/11 16:43:33.867259, 5] smbd/files.c:464(file_free) freed files structure 18048 (287 used) [2011/10/11 16:43:33.867306, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.867331, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55300 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.867547, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:33.867821, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.867871, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.867913, 3] smbd/process.c:1661(process_smb) Transaction 7845 of length 45 (0 toread) [2011/10/11 16:43:33.867973, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.867998, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55364 smt_wct=3 smb_vwv[ 0]=18049 (0x4681) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.868261, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.868288, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.868334, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.868377, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.868825, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.868956, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.869012, 3] smbd/reply.c:4850(reply_close) close fd=103 fnum=18049 (numopen=176) [2011/10/11 16:43:33.869054, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.869113, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db, file_id = 801:201333:0 gen_id = 610 has kernel oplock state of 1. [2011/10/11 16:43:33.869173, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003313 [2011/10/11 16:43:33.869225, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8da10 [2011/10/11 16:43:33.869267, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.869332, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9bc4, type= 0x3, gen_id = 610, uid = 0, flags = 0, file_id 801:201333:0, name_hash = 0x8a3abe5d [2011/10/11 16:43:33.869403, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8a3abe5d [2011/10/11 16:43:33.869452, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003313 [2011/10/11 16:43:33.869506, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db = 0 
[2011/10/11 16:43:33.869553, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db [2011/10/11 16:43:33.869616, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db (numopen=175) NT_STATUS_OK [2011/10/11 16:43:33.869663, 5] smbd/files.c:464(file_free) freed files structure 18049 (286 used) [2011/10/11 16:43:33.869711, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.869736, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55364 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.869950, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.870227, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.870278, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.870321, 3] smbd/process.c:1661(process_smb) Transaction 7846 of length 45 (0 toread) [2011/10/11 16:43:33.870362, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.870387, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55428 smt_wct=3 smb_vwv[ 0]=18050 (0x4682) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.870648, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.870675, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.870721, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 
16:43:33.870764, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.871209, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.871338, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.871397, 3] smbd/reply.c:4850(reply_close) close fd=104 fnum=18050 (numopen=175) [2011/10/11 16:43:33.871441, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.871501, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt, file_id = 801:1f4fbb:0 gen_id = 611 has kernel oplock state of 1. 
[2011/10/11 16:43:33.871561, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BB4F [2011/10/11 16:43:33.871609, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:33.871651, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:22 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.871734, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa959, type= 0x3, gen_id = 611, uid = 0, flags = 0, file_id 801:1f4fbb:0, name_hash = 0x2c44eba6 [2011/10/11 16:43:33.871784, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2c44eba6 [2011/10/11 16:43:33.871829, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BB4F [2011/10/11 16:43:33.871883, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt = 0 [2011/10/11 16:43:33.871929, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt [2011/10/11 16:43:33.871975, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/uno_packages/cache/log.txt (numopen=174) NT_STATUS_OK [2011/10/11 16:43:33.872020, 5] smbd/files.c:464(file_free) freed files structure 18050 (285 used) [2011/10/11 16:43:33.872065, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.872090, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55428 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.872303, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:33.872572, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.872621, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.872662, 3] smbd/process.c:1661(process_smb) Transaction 7847 of length 45 (0 toread) [2011/10/11 16:43:33.872704, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.872729, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55492 smt_wct=3 smb_vwv[ 0]=18051 (0x4683) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.872990, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.873016, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.873061, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.873104, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.873571, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.873700, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.873776, 3] smbd/reply.c:4850(reply_close) close fd=105 fnum=18051 (numopen=174) [2011/10/11 16:43:33.873820, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.873880, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu, file_id = 801:1d8fc4:0 gen_id = 612 has kernel oplock state of 1. [2011/10/11 16:43:33.873940, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C48F [2011/10/11 16:43:33.873989, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.874031, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.874095, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa9a7, type= 0x3, gen_id = 612, uid = 0, flags = 0, file_id 801:1d8fc4:0, name_hash = 0xd97c2776 [2011/10/11 16:43:33.874145, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd97c2776 [2011/10/11 16:43:33.874190, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C48F [2011/10/11 16:43:33.874244, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu = 0 [2011/10/11 16:43:33.874290, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file 
ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu [2011/10/11 16:43:33.874337, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/UserProfile.xcu (numopen=173) NT_STATUS_OK [2011/10/11 16:43:33.874384, 5] smbd/files.c:464(file_free) freed files structure 18051 (284 used) [2011/10/11 16:43:33.874430, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.874455, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55492 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.874670, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.874944, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.874994, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.875037, 3] smbd/process.c:1661(process_smb) Transaction 7848 of length 45 (0 toread) [2011/10/11 16:43:33.875079, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.875103, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55556 smt_wct=3 smb_vwv[ 0]=18052 (0x4684) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.875365, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.875392, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.875437, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.875480, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.875944, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.876073, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.876132, 3] smbd/reply.c:4850(reply_close) close fd=106 fnum=18052 (numopen=173) [2011/10/11 16:43:33.876175, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.876235, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu, file_id = 801:1d8fc3:0 gen_id = 613 has kernel oplock state of 1. 
[2011/10/11 16:43:33.876295, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C38F [2011/10/11 16:43:33.876343, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.876386, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.876450, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa9e8, type= 0x3, gen_id = 613, uid = 0, flags = 0, file_id 801:1d8fc3:0, name_hash = 0x15cdcbee [2011/10/11 16:43:33.876500, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x15cdcbee [2011/10/11 16:43:33.876546, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C38F [2011/10/11 16:43:33.876600, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu = 0 [2011/10/11 16:43:33.876646, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu [2011/10/11 16:43:33.876694, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Setup.xcu (numopen=172) NT_STATUS_OK [2011/10/11 16:43:33.876740, 5] smbd/files.c:464(file_free) freed files structure 18052 (283 used) [2011/10/11 16:43:33.876787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.876812, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55556 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.877027, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.877298, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.877347, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.877411, 3] smbd/process.c:1661(process_smb) Transaction 7849 of length 45 (0 toread) [2011/10/11 16:43:33.877454, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.877478, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55620 smt_wct=3 smb_vwv[ 0]=18053 (0x4685) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.877760, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.877787, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.877832, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.877875, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.878323, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.878454, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.878512, 3] smbd/reply.c:4850(reply_close) close fd=107 fnum=18053 (numopen=172) [2011/10/11 16:43:33.878555, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.878615, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu, file_id = 801:1dd00e:0 gen_id = 614 has kernel oplock state of 1. [2011/10/11 16:43:33.878675, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000ED0 [2011/10/11 16:43:33.878723, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.878765, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:13 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.878830, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xaa0c, type= 0x3, gen_id = 614, uid = 0, flags = 0, file_id 801:1dd00e:0, name_hash = 0x8214ca92 [2011/10/11 16:43:33.878879, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8214ca92 [2011/10/11 16:43:33.878924, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000ED0 [2011/10/11 16:43:33.878979, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu = 0 [2011/10/11 16:43:33.879025, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count 
for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu [2011/10/11 16:43:33.879072, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Logging.xcu (numopen=171) NT_STATUS_OK [2011/10/11 16:43:33.879118, 5] smbd/files.c:464(file_free) freed files structure 18053 (282 used) [2011/10/11 16:43:33.879165, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.879205, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55620 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.879420, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.879483, 10] lib/events.c:221(run_events_poll) Running timed event "update_write_time_handler" 0x7fc9b0d84cb0 [2011/10/11 16:43:33.879530, 5] smbd/fileio.c:185(update_write_time_handler) Update write time on ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:33.879575, 5] locking/locking.c:1657(set_write_time) set_write_time: Tue Oct 11 16:43:34 2011 CEST id=803:404092:0 [2011/10/11 16:43:33.879634, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009240 [2011/10/11 16:43:33.879711, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0a52d20 [2011/10/11 16:43:33.879754, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:32 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:33.879817, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.879874, 10] locking/locking.c:728(parse_share_modes) 
parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.879924, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Tue Oct 11 16:43:34 2011 CEST cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 2 [2011/10/11 16:43:33.879989, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.880041, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:33.880089, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009240 [2011/10/11 16:43:33.880159, 10] smbd/notify_internal.c:930(notify_trigger) notify_trigger called action=0x3, filter=0x10, path=/home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:33.880224, 10] smbd/notify_internal.c:235(notify_load) notify_load: [2011/10/11 16:43:33.880266, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) notify->array: struct notify_array num_depths : 0x00000009 (9) depth: ARRAY(9) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: 
ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000017 (23) num_entries : 0x00000001 (1) entries: ARRAY(1) entries: struct notify_entry server: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) filter : 0x00000000 (0) subdir_filter : 0x00000017 (23) dir_fd : 0x00000184 (388) dir_id: struct file_id devid : 0x0000000000000801 (2049) inode : 0x0000000000158d4f (1412431) extid : 0x0000000000000000 (0) path : '/tmp/andolan/desktop/ando' path_len : 0x00000019 (25) private_data : 0x7fc9b0d8c8a0 depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000000 (0) num_entries : 0x00000000 (0) entries: ARRAY(0) depth: struct notify_depth max_mask : 0x00000000 (0) max_mask_subdir : 0x00000017 (23) num_entries : 0x00000001 (1) entries: ARRAY(1) entries: struct notify_entry server: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) filter : 0x00000000 (0) subdir_filter : 0x00000017 (23) dir_fd : 0x00000182 (386) dir_id: struct file_id devid : 0x0000000000000803 (2051) inode : 0x000000000040408f (4210831) extid : 0x0000000000000000 (0) path : '/home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned' path_len : 0x0000004d (77) private_data : 0x7fc9b0d89af0 [2011/10/11 16:43:33.881792, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2011/10/11 16:43:33.881835, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 
0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PVFS_NOTIFY (784) dest: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) src: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) buf : DATA_BLOB length=32 [0000] 03 00 00 00 54 61 73 6B 42 61 72 2F 64 65 73 6B ....Task Bar/desk [0010] 74 6F 70 2E 69 6E 69 00 F0 9A D8 B0 C9 7F 00 00 top.ini. ........ [2011/10/11 16:43:33.882305, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2011/10/11 16:43:33.882351, 10] lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2011/10/11 16:43:33.882401, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2011/10/11 16:43:33.882442, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PVFS_NOTIFY (784) dest: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) src: struct server_id pid : 0x000021d3 (8659) vnn : 0xffffffff (4294967295) unique_id : 0x4442c79dcf2d1b32 (4918713223641635634) buf : DATA_BLOB length=32 [0000] 03 00 00 00 54 61 73 6B 42 61 72 2F 64 65 73 6B ....Task Bar/desk [0010] 74 6F 70 2E 69 6E 69 00 F0 9A D8 B0 C9 7F 00 00 top.ini. ........ 
[2011/10/11 16:43:33.882838, 10] smbd/notify.c:173(notify_callback) notify_callback called for ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:33.882886, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &m: struct FILE_NOTIFY_INFORMATION NextEntryOffset : 0x00000000 (0) Action : FILE_ACTION_MODIFIED (3) FileNameLength : 0x00000026 (38) FileName1 : 'TaskBar\desktop.ini' [2011/10/11 16:43:33.883007, 10] smbd/notify.c:121(notify_marshall_changes) Client only wanted 32 bytes, trying to marshall 88 bytes [2011/10/11 16:43:33.883051, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.883076, 5] lib/util.c:341(show_msg) size=71 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=49765 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=0 [2011/10/11 16:43:33.883574, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.883681, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.883729, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.883771, 3] smbd/process.c:1661(process_smb) Transaction 7850 of length 45 (0 toread) [2011/10/11 16:43:33.883813, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.883854, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55684 smt_wct=3 smb_vwv[ 0]=18054 (0x4686) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.884114, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.884142, 3] 
smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.884188, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.884232, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.884677, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.884810, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.884881, 3] smbd/reply.c:4850(reply_close) close fd=108 fnum=18054 (numopen=171) [2011/10/11 16:43:33.884925, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.884988, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu, file_id = 801:1dd00d:0 gen_id = 615 has kernel oplock state of 1. 
[2011/10/11 16:43:33.885050, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000DD0 [2011/10/11 16:43:33.885099, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.885141, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.885206, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xaa58, type= 0x3, gen_id = 615, uid = 0, flags = 0, file_id 801:1dd00d:0, name_hash = 0x4310462e [2011/10/11 16:43:33.885257, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4310462e [2011/10/11 16:43:33.885302, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000DD0 [2011/10/11 16:43:33.885357, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu = 0 [2011/10/11 16:43:33.885426, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu [2011/10/11 16:43:33.885475, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Writer.xcu (numopen=170) NT_STATUS_OK [2011/10/11 16:43:33.885535, 5] smbd/files.c:464(file_free) freed files structure 18054 (281 used) [2011/10/11 16:43:33.885583, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.885608, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55684 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.885821, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.886078, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.886130, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.886172, 3] smbd/process.c:1661(process_smb) Transaction 7851 of length 45 (0 toread) [2011/10/11 16:43:33.886214, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.886239, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55748 smt_wct=3 smb_vwv[ 0]=18055 (0x4687) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.886500, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.886527, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.886573, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.886617, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.887067, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.887198, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.887257, 3] smbd/reply.c:4850(reply_close) close fd=109 fnum=18055 (numopen=170) [2011/10/11 16:43:33.887300, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.887361, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu, file_id = 801:1dd00c:0 gen_id = 616 has kernel oplock state of 1. [2011/10/11 16:43:33.887425, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000CD0 [2011/10/11 16:43:33.887475, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.887517, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.887581, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xaa83, type= 0x3, gen_id = 616, uid = 0, flags = 0, file_id 801:1dd00c:0, name_hash = 0x3bbfe0a [2011/10/11 16:43:33.887651, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3bbfe0a [2011/10/11 16:43:33.887698, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000CD0 [2011/10/11 16:43:33.887753, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu = 0 [2011/10/11 16:43:33.887798, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu [2011/10/11 16:43:33.887846, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Views.xcu (numopen=169) NT_STATUS_OK [2011/10/11 16:43:33.887892, 5] smbd/files.c:464(file_free) freed files structure 18055 (280 used) [2011/10/11 16:43:33.887938, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.887963, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55748 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.888178, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.888455, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.888504, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.888546, 3] smbd/process.c:1661(process_smb) Transaction 7852 of length 45 (0 toread) [2011/10/11 16:43:33.888588, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.888613, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55812 smt_wct=3 smb_vwv[ 0]=18056 (0x4688) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.888875, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.888902, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.888947, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.888990, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.889461, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.889592, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.889651, 3] smbd/reply.c:4850(reply_close) close fd=110 fnum=18056 (numopen=169) [2011/10/11 16:43:33.889695, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.889755, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu, file_id = 801:1dd00b:0 gen_id = 617 has kernel oplock state of 1. 
[2011/10/11 16:43:33.889834, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000BD0 [2011/10/11 16:43:33.889882, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.889925, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.889989, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xac84, type= 0x3, gen_id = 617, uid = 0, flags = 0, file_id 801:1dd00b:0, name_hash = 0xbcd81b5e [2011/10/11 16:43:33.890039, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbcd81b5e [2011/10/11 16:43:33.890084, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000BD0 [2011/10/11 16:43:33.890139, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu = 0 [2011/10/11 16:43:33.890184, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu [2011/10/11 16:43:33.890232, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Recovery.xcu (numopen=168) NT_STATUS_OK [2011/10/11 16:43:33.890277, 5] smbd/files.c:464(file_free) freed files structure 18056 (279 used) [2011/10/11 16:43:33.890324, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.890349, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55812 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.890564, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.890829, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.890879, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.890921, 3] smbd/process.c:1661(process_smb) Transaction 7853 of length 45 (0 toread) [2011/10/11 16:43:33.890963, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.890988, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55876 smt_wct=3 smb_vwv[ 0]=18057 (0x4689) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.891250, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.891277, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.891322, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.891366, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.891832, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.891961, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.892021, 3] smbd/reply.c:4850(reply_close) close fd=111 fnum=18057 (numopen=168) [2011/10/11 16:43:33.892065, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.892126, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu, file_id = 801:1dd00a:0 gen_id = 618 has kernel oplock state of 1. [2011/10/11 16:43:33.892186, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000000AD0 [2011/10/11 16:43:33.892238, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.892281, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:48 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.892345, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb919, type= 0x3, gen_id = 618, uid = 0, flags = 0, file_id 801:1dd00a:0, name_hash = 0xfa8cb831 [2011/10/11 16:43:33.892395, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfa8cb831 [2011/10/11 16:43:33.892443, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000000AD0 [2011/10/11 16:43:33.892498, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu = 0 [2011/10/11 16:43:33.892543, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu [2011/10/11 16:43:33.892591, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Linguistic.xcu (numopen=167) NT_STATUS_OK [2011/10/11 16:43:33.892637, 5] smbd/files.c:464(file_free) freed files structure 18057 (278 used) [2011/10/11 16:43:33.892683, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.892708, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55876 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.892922, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.893205, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.893254, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.893296, 3] smbd/process.c:1661(process_smb) Transaction 7854 of length 45 (0 toread) [2011/10/11 16:43:33.893337, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.893363, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55940 smt_wct=3 smb_vwv[ 0]=18058 (0x468A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.893663, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.893691, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.893755, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.893799, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.894246, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.894376, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.894434, 3] smbd/reply.c:4850(reply_close) close fd=112 fnum=18058 (numopen=167) [2011/10/11 16:43:33.894478, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.894538, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu, file_id = 801:1dd009:0 gen_id = 619 has kernel oplock state of 1. 
[2011/10/11 16:43:33.894599, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000009D0 [2011/10/11 16:43:33.894648, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.894690, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:14 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.894754, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb967, type= 0x3, gen_id = 619, uid = 0, flags = 0, file_id 801:1dd009:0, name_hash = 0xc915a292 [2011/10/11 16:43:33.894804, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc915a292 [2011/10/11 16:43:33.894848, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000009D0 [2011/10/11 16:43:33.894903, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu = 0 [2011/10/11 16:43:33.894949, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu [2011/10/11 16:43:33.894997, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Jobs.xcu (numopen=166) NT_STATUS_OK [2011/10/11 16:43:33.895042, 5] smbd/files.c:464(file_free) freed files structure 18058 (277 used) [2011/10/11 16:43:33.895088, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.895114, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=55940 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.895328, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.895629, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.895682, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.895725, 3] smbd/process.c:1661(process_smb) Transaction 7855 of length 45 (0 toread) [2011/10/11 16:43:33.895766, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.895791, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56004 smt_wct=3 smb_vwv[ 0]=18059 (0x468B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.896052, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.896079, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.896124, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.896168, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.896614, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.896743, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.896804, 3] smbd/reply.c:4850(reply_close) close fd=113 fnum=18059 (numopen=166) [2011/10/11 16:43:33.896847, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.896907, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu, file_id = 801:1dd008:0 gen_id = 620 has kernel oplock state of 1. [2011/10/11 16:43:33.896967, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000008D0 [2011/10/11 16:43:33.897016, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.897058, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:29:24 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.897123, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb9a8, type= 0x3, gen_id = 620, uid = 0, flags = 0, file_id 801:1dd008:0, name_hash = 0xe6dd2504 [2011/10/11 16:43:33.897172, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe6dd2504 [2011/10/11 16:43:33.897217, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000008D0 [2011/10/11 16:43:33.897272, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu = 0 [2011/10/11 16:43:33.897335, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu [2011/10/11 16:43:33.897404, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/data/org/openoffice/Office/Common.xcu (numopen=165) NT_STATUS_OK [2011/10/11 16:43:33.897451, 5] smbd/files.c:464(file_free) freed files structure 18059 (276 used) [2011/10/11 16:43:33.897497, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.897522, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56004 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.897737, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.898022, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.898073, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.898116, 3] smbd/process.c:1661(process_smb) Transaction 7856 of length 45 (0 toread) [2011/10/11 16:43:33.898157, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.898182, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56068 smt_wct=3 smb_vwv[ 0]=18060 (0x468C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.898444, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.898472, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.898517, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.898560, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.899007, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.899137, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.899197, 3] smbd/reply.c:4850(reply_close) close fd=114 fnum=18060 (numopen=165) [2011/10/11 16:43:33.899240, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.899300, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat, file_id = 801:1ccfcc:0 gen_id = 621 has kernel oplock state of 1. 
[2011/10/11 16:43:33.899362, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CCCF [2011/10/11 16:43:33.899410, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.899452, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.899535, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb9cc, type= 0x3, gen_id = 621, uid = 0, flags = 0, file_id 801:1ccfcc:0, name_hash = 0x86638867 [2011/10/11 16:43:33.899585, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x86638867 [2011/10/11 16:43:33.899630, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CCCF [2011/10/11 16:43:33.899684, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat = 0 [2011/10/11 16:43:33.899731, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat [2011/10/11 16:43:33.899779, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleWindowState.dat (numopen=164) NT_STATUS_OK [2011/10/11 16:43:33.899825, 5] smbd/files.c:464(file_free) freed files structure 18060 (275 used) [2011/10/11 16:43:33.899872, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.899897, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 
smb_uid=102 smb_mid=56068 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.900112, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.900393, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.900442, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.900485, 3] smbd/process.c:1661(process_smb) Transaction 7857 of length 45 (0 toread) [2011/10/11 16:43:33.900527, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.900551, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56132 smt_wct=3 smb_vwv[ 0]=18061 (0x468D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.900812, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.900839, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.900884, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.900928, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.901394, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.901543, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.901601, 3] smbd/reply.c:4850(reply_close) close fd=115 fnum=18061 (numopen=164) [2011/10/11 16:43:33.901644, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.901704, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat, file_id = 801:1ccfcb:0 gen_id = 622 has kernel oplock state of 1. [2011/10/11 16:43:33.901764, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CBCF [2011/10/11 16:43:33.901812, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.901854, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.901919, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xba18, type= 0x3, gen_id = 622, uid = 0, flags = 0, file_id 801:1ccfcb:0, name_hash = 0xa76cb0f5 [2011/10/11 16:43:33.901969, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa76cb0f5 [2011/10/11 16:43:33.902014, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CBCF [2011/10/11 16:43:33.902068, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat = 0 [2011/10/11 16:43:33.902114, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat [2011/10/11 16:43:33.902162, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.StartModuleCommands.dat (numopen=163) NT_STATUS_OK [2011/10/11 16:43:33.902208, 5] smbd/files.c:464(file_free) freed files structure 18061 (274 used) [2011/10/11 16:43:33.902254, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.902279, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56132 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.902493, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.902780, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.902831, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.902874, 3] smbd/process.c:1661(process_smb) Transaction 7858 of length 45 (0 toread) [2011/10/11 16:43:33.902916, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.902940, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56196 smt_wct=3 smb_vwv[ 0]=18062 (0x468E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.903201, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.903228, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.903274, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.903317, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.903782, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.903912, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.903969, 3] smbd/reply.c:4850(reply_close) close fd=116 fnum=18062 (numopen=163) [2011/10/11 16:43:33.904012, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.904072, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat, file_id = 801:1ccfca:0 gen_id = 623 has kernel oplock state of 1. 
[2011/10/11 16:43:33.904132, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CACF [2011/10/11 16:43:33.904181, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.904223, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:00 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.904288, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xba43, type= 0x3, gen_id = 623, uid = 0, flags = 0, file_id 801:1ccfca:0, name_hash = 0xac03f184 [2011/10/11 16:43:33.904338, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xac03f184 [2011/10/11 16:43:33.904383, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CACF [2011/10/11 16:43:33.904437, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat = 0 [2011/10/11 16:43:33.904484, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat [2011/10/11 16:43:33.904531, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathWindowState.dat (numopen=162) NT_STATUS_OK [2011/10/11 16:43:33.904576, 5] smbd/files.c:464(file_free) freed files structure 18062 (273 used) [2011/10/11 16:43:33.904623, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.904648, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=56196 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.904862, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.905137, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.905187, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.905229, 3] smbd/process.c:1661(process_smb) Transaction 7859 of length 45 (0 toread) [2011/10/11 16:43:33.905288, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.905313, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56260 smt_wct=3 smb_vwv[ 0]=18063 (0x468F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.905597, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.905624, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.905669, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.905713, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.906160, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.906289, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.906346, 3] smbd/reply.c:4850(reply_close) close fd=117 fnum=18063 (numopen=162) [2011/10/11 16:43:33.906389, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.906449, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat, file_id = 801:1ccfc9:0 gen_id = 624 has kernel oplock state of 1. [2011/10/11 16:43:33.906509, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C9CF [2011/10/11 16:43:33.906559, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.906601, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:00 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.906666, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xbc44, type= 0x3, gen_id = 624, uid = 0, flags = 0, file_id 801:1ccfc9:0, name_hash = 0x6e0c138 [2011/10/11 16:43:33.906715, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6e0c138 [2011/10/11 16:43:33.906761, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C9CF [2011/10/11 16:43:33.906815, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat 
= 0 [2011/10/11 16:43:33.906861, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat [2011/10/11 16:43:33.906908, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.MathCommands.dat (numopen=161) NT_STATUS_OK [2011/10/11 16:43:33.906972, 5] smbd/files.c:464(file_free) freed files structure 18063 (272 used) [2011/10/11 16:43:33.907018, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.907043, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56260 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.907258, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.907543, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.907595, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.907637, 3] smbd/process.c:1661(process_smb) Transaction 7860 of length 45 (0 toread) [2011/10/11 16:43:33.907679, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.907703, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56324 smt_wct=3 smb_vwv[ 0]=18064 (0x4690) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.907966, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.907993, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.908039, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.908083, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.908531, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.908661, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.908718, 3] smbd/reply.c:4850(reply_close) close fd=118 fnum=18064 (numopen=161) [2011/10/11 16:43:33.908762, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.908821, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat, file_id = 801:1ccfc8:0 gen_id = 625 has kernel oplock state of 1. 
[2011/10/11 16:43:33.908881, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C8CF [2011/10/11 16:43:33.908930, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.908972, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:54 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.909037, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc8d9, type= 0x3, gen_id = 625, uid = 0, flags = 0, file_id 801:1ccfc8:0, name_hash = 0x3d82f05b [2011/10/11 16:43:33.909104, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d82f05b [2011/10/11 16:43:33.909150, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C8CF [2011/10/11 16:43:33.909204, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat = 0 [2011/10/11 16:43:33.909251, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat [2011/10/11 16:43:33.909299, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.ImpressWindowState.dat (numopen=160) NT_STATUS_OK [2011/10/11 16:43:33.909344, 5] smbd/files.c:464(file_free) freed files structure 18064 (271 used) [2011/10/11 16:43:33.909413, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.909439, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=56324 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.909653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.909937, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.909988, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.910030, 3] smbd/process.c:1661(process_smb) Transaction 7861 of length 45 (0 toread) [2011/10/11 16:43:33.910072, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.910097, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56388 smt_wct=3 smb_vwv[ 0]=18065 (0x4691) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.910359, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.910386, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.910431, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.910474, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.910922, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.911051, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.911108, 3] smbd/reply.c:4850(reply_close) close fd=119 fnum=18065 (numopen=160) [2011/10/11 16:43:33.911151, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.911226, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat, file_id = 801:1ccfc7:0 gen_id = 626 has kernel oplock state of 1. [2011/10/11 16:43:33.911286, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C7CF [2011/10/11 16:43:33.911340, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.911382, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:50 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.911446, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc927, type= 0x3, gen_id = 626, uid = 0, flags = 0, file_id 801:1ccfc7:0, name_hash = 0x31dc4069 [2011/10/11 16:43:33.911496, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x31dc4069 [2011/10/11 16:43:33.911544, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C7CF [2011/10/11 16:43:33.911599, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat = 0 
[2011/10/11 16:43:33.911644, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat [2011/10/11 16:43:33.911692, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Effects.dat (numopen=159) NT_STATUS_OK [2011/10/11 16:43:33.911738, 5] smbd/files.c:464(file_free) freed files structure 18065 (270 used) [2011/10/11 16:43:33.911784, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.911809, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56388 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.912022, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.912299, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.912348, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.912390, 3] smbd/process.c:1661(process_smb) Transaction 7862 of length 45 (0 toread) [2011/10/11 16:43:33.912432, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.912457, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56452 smt_wct=3 smb_vwv[ 0]=18066 (0x4692) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.912716, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.912743, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.912788, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.912832, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.913294, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.913446, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.913504, 3] smbd/reply.c:4850(reply_close) close fd=120 fnum=18066 (numopen=159) [2011/10/11 16:43:33.913547, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.913606, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat, file_id = 801:1ccfc6:0 gen_id = 627 has kernel oplock state of 1. 
[2011/10/11 16:43:33.913667, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C6CF [2011/10/11 16:43:33.913715, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.913757, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:45 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.913821, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc968, type= 0x3, gen_id = 627, uid = 0, flags = 0, file_id 801:1ccfc6:0, name_hash = 0xe91b473f [2011/10/11 16:43:33.913871, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe91b473f [2011/10/11 16:43:33.913915, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C6CF [2011/10/11 16:43:33.913970, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat = 0 [2011/10/11 16:43:33.914015, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat [2011/10/11 16:43:33.914063, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawWindowState.dat (numopen=158) NT_STATUS_OK [2011/10/11 16:43:33.914108, 5] smbd/files.c:464(file_free) freed files structure 18066 (269 used) [2011/10/11 16:43:33.914155, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.914180, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=56452 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.914393, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.914675, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.914725, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.914767, 3] smbd/process.c:1661(process_smb) Transaction 7863 of length 45 (0 toread) [2011/10/11 16:43:33.914809, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.914834, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56516 smt_wct=3 smb_vwv[ 0]=18067 (0x4693) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.915115, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.915142, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.915187, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.915231, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.915680, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.915810, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.915867, 3] smbd/reply.c:4850(reply_close) close fd=121 fnum=18067 (numopen=158) [2011/10/11 16:43:33.915910, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.915969, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat, file_id = 801:1ccfc5:0 gen_id = 628 has kernel oplock state of 1. [2011/10/11 16:43:33.916030, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C5CF [2011/10/11 16:43:33.916079, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.916121, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:45 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.916186, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc98c, type= 0x3, gen_id = 628, uid = 0, flags = 0, file_id 801:1ccfc5:0, name_hash = 0xe29ac6f2 [2011/10/11 16:43:33.916236, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe29ac6f2 [2011/10/11 16:43:33.916281, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C5CF [2011/10/11 16:43:33.916336, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat = 0 [2011/10/11 16:43:33.916382, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat [2011/10/11 16:43:33.916430, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DrawImpressCommands.dat (numopen=157) NT_STATUS_OK [2011/10/11 16:43:33.916476, 5] smbd/files.c:464(file_free) freed files structure 18067 (268 used) [2011/10/11 16:43:33.916522, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.916561, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56516 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.916777, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.917059, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.917108, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.917150, 3] smbd/process.c:1661(process_smb) Transaction 7864 of length 45 (0 toread) [2011/10/11 16:43:33.917192, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.917217, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56580 smt_wct=3 smb_vwv[ 0]=18068 (0x4694) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.917502, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.917530, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.917576, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.917620, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.918070, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.918200, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.918258, 3] smbd/reply.c:4850(reply_close) close fd=122 fnum=18068 (numopen=157) [2011/10/11 16:43:33.918301, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.918359, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat, file_id = 801:1ccfc4:0 gen_id = 629 has kernel oplock state of 1. 
[2011/10/11 16:43:33.918419, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C4CF [2011/10/11 16:43:33.918468, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.918510, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:14 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.918574, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc9d8, type= 0x3, gen_id = 629, uid = 0, flags = 0, file_id 801:1ccfc4:0, name_hash = 0xf7f28e79 [2011/10/11 16:43:33.918624, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf7f28e79 [2011/10/11 16:43:33.918687, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C4CF [2011/10/11 16:43:33.918742, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat = 0 [2011/10/11 16:43:33.918788, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat [2011/10/11 16:43:33.918836, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.DbuCommands.dat (numopen=156) NT_STATUS_OK [2011/10/11 16:43:33.918882, 5] smbd/files.c:464(file_free) freed files structure 18068 (267 used) [2011/10/11 16:43:33.918929, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.918954, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56580 
smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.919170, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.919455, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.919506, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.919549, 3] smbd/process.c:1661(process_smb) Transaction 7865 of length 45 (0 toread) [2011/10/11 16:43:33.919590, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.919615, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56644 smt_wct=3 smb_vwv[ 0]=18069 (0x4695) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.919877, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.919904, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.919950, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.919994, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.920442, 5] auth/token_util.c:527(debug_unix_user_token) UNIX 
token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.920571, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.920628, 3] smbd/reply.c:4850(reply_close) close fd=123 fnum=18069 (numopen=156) [2011/10/11 16:43:33.920671, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.920730, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat, file_id = 801:1ccfc3:0 gen_id = 630 has kernel oplock state of 1. [2011/10/11 16:43:33.920808, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C3CF [2011/10/11 16:43:33.920858, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.920900, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:34 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.920964, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xca03, type= 0x3, gen_id = 630, uid = 0, flags = 0, file_id 801:1ccfc3:0, name_hash = 0xbf4501d9 [2011/10/11 16:43:33.921014, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbf4501d9 [2011/10/11 16:43:33.921059, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C3CF [2011/10/11 16:43:33.921113, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat = 0 [2011/10/11 16:43:33.921159, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat [2011/10/11 16:43:33.921207, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcWindowState.dat (numopen=155) NT_STATUS_OK [2011/10/11 16:43:33.921253, 5] smbd/files.c:464(file_free) freed files structure 18069 (266 used) [2011/10/11 16:43:33.921299, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.921324, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56644 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.921561, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.921848, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.921899, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.921942, 3] smbd/process.c:1661(process_smb) Transaction 7866 of length 45 (0 toread) [2011/10/11 16:43:33.921983, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.922008, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56708 smt_wct=3 smb_vwv[ 0]=18070 (0x4696) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.922269, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.922296, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.922341, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.922384, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.922848, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.922977, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.923035, 3] smbd/reply.c:4850(reply_close) close fd=31 fnum=18070 (numopen=155) [2011/10/11 16:43:33.923078, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.923137, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat, file_id = 801:1ccfc2:0 gen_id = 631 has kernel oplock state of 1. 
[2011/10/11 16:43:33.923198, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C2CF [2011/10/11 16:43:33.923247, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.923289, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:34 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.923353, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xcc44, type= 0x3, gen_id = 631, uid = 0, flags = 0, file_id 801:1ccfc2:0, name_hash = 0xe5a2fbd9 [2011/10/11 16:43:33.923403, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe5a2fbd9 [2011/10/11 16:43:33.923448, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C2CF [2011/10/11 16:43:33.923503, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat = 0 [2011/10/11 16:43:33.923548, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat [2011/10/11 16:43:33.923596, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.CalcCommands.dat (numopen=154) NT_STATUS_OK [2011/10/11 16:43:33.923642, 5] smbd/files.c:464(file_free) freed files structure 18070 (265 used) [2011/10/11 16:43:33.923690, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.923715, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56708 
smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.923929, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.924206, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.924255, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.924297, 3] smbd/process.c:1661(process_smb) Transaction 7867 of length 45 (0 toread) [2011/10/11 16:43:33.924339, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.924363, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56772 smt_wct=3 smb_vwv[ 0]=18071 (0x4697) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.924624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.924651, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.924696, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.924756, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.925203, 5] auth/token_util.c:527(debug_unix_user_token) UNIX 
token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.925333, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.925410, 3] smbd/reply.c:4850(reply_close) close fd=32 fnum=18071 (numopen=154) [2011/10/11 16:43:33.925454, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.925512, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat, file_id = 801:1ccfc1:0 gen_id = 632 has kernel oplock state of 1. [2011/10/11 16:43:33.925573, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C1CF [2011/10/11 16:43:33.925621, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.925664, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:59 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.925728, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd999, type= 0x3, gen_id = 632, uid = 0, flags = 0, file_id 801:1ccfc1:0, name_hash = 0x1647f3c7 [2011/10/11 16:43:33.925777, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1647f3c7 [2011/10/11 16:43:33.925822, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C1CF [2011/10/11 16:43:33.925877, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat = 0 [2011/10/11 16:43:33.925923, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat [2011/10/11 16:43:33.925970, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Math.dat (numopen=153) NT_STATUS_OK [2011/10/11 16:43:33.926016, 5] smbd/files.c:464(file_free) freed files structure 18071 (264 used) [2011/10/11 16:43:33.926063, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.926088, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56772 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.926302, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.926583, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.926652, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.926694, 3] smbd/process.c:1661(process_smb) Transaction 7868 of length 45 (0 toread) [2011/10/11 16:43:33.926736, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.926761, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56836 smt_wct=3 smb_vwv[ 0]=18072 (0x4698) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.927024, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.927051, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.927096, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.927140, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.927587, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.927717, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.927774, 3] smbd/reply.c:4850(reply_close) close fd=124 fnum=18072 (numopen=153) [2011/10/11 16:43:33.927817, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.927876, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat, file_id = 801:1ccfc0:0 gen_id = 633 has kernel oplock state of 1. 
[2011/10/11 16:43:33.927937, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C0CF [2011/10/11 16:43:33.927985, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.928028, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:44 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.928092, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xd9da, type= 0x3, gen_id = 633, uid = 0, flags = 0, file_id 801:1ccfc0:0, name_hash = 0x1af76171 [2011/10/11 16:43:33.928142, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1af76171 [2011/10/11 16:43:33.928188, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C0CF [2011/10/11 16:43:33.928243, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat = 0 [2011/10/11 16:43:33.928289, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat [2011/10/11 16:43:33.928352, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Impress.dat (numopen=152) NT_STATUS_OK [2011/10/11 16:43:33.928398, 5] smbd/files.c:464(file_free) freed files structure 18072 (263 used) [2011/10/11 16:43:33.928444, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.928470, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56836 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.928685, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.928967, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.929017, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.929059, 3] smbd/process.c:1661(process_smb) Transaction 7869 of length 45 (0 toread) [2011/10/11 16:43:33.929101, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.929125, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56900 smt_wct=3 smb_vwv[ 0]=18073 (0x4699) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.929409, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.929437, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.929482, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.929526, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.929975, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.930105, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.930162, 3] smbd/reply.c:4850(reply_close) close fd=125 fnum=18073 (numopen=152) [2011/10/11 16:43:33.930205, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.930264, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat, file_id = 801:1ccfbf:0 gen_id = 634 has kernel oplock state of 1. [2011/10/11 16:43:33.930326, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BFCF [2011/10/11 16:43:33.930374, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.930416, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:44 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.930497, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xda28, type= 0x3, gen_id = 634, uid = 0, flags = 0, file_id 801:1ccfbf:0, name_hash = 0xe375b870 [2011/10/11 16:43:33.930548, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe375b870 [2011/10/11 16:43:33.930593, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BFCF [2011/10/11 16:43:33.930647, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat = 0 [2011/10/11 16:43:33.930693, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat [2011/10/11 16:43:33.930741, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Draw.dat (numopen=151) NT_STATUS_OK [2011/10/11 16:43:33.930786, 5] smbd/files.c:464(file_free) freed files structure 18073 (262 used) [2011/10/11 16:43:33.930832, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.930857, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56900 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.931071, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.931355, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.931405, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.931447, 3] smbd/process.c:1661(process_smb) Transaction 7870 of length 45 (0 toread) [2011/10/11 16:43:33.931489, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.931514, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56964 smt_wct=3 smb_vwv[ 0]=18074 (0x469A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.931776, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.931803, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.931849, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.931893, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.932339, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.932469, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.932544, 3] smbd/reply.c:4850(reply_close) close fd=126 fnum=18074 (numopen=151) [2011/10/11 16:43:33.932587, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.932647, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat, file_id = 801:1ccfbe:0 gen_id = 635 has kernel oplock state of 1. 
[2011/10/11 16:43:33.932707, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BECF [2011/10/11 16:43:33.932759, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.932801, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.932866, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xda57, type= 0x3, gen_id = 635, uid = 0, flags = 0, file_id 801:1ccfbe:0, name_hash = 0x972e238 [2011/10/11 16:43:33.932916, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x972e238 [2011/10/11 16:43:33.932964, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BECF [2011/10/11 16:43:33.933019, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat = 0 [2011/10/11 16:43:33.933065, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat [2011/10/11 16:43:33.933112, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.DataAccess.dat (numopen=150) NT_STATUS_OK [2011/10/11 16:43:33.933158, 5] smbd/files.c:464(file_free) freed files structure 18074 (261 used) [2011/10/11 16:43:33.933203, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.933228, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=56964 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.933463, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.933748, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.933799, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.933841, 3] smbd/process.c:1661(process_smb) Transaction 7871 of length 45 (0 toread) [2011/10/11 16:43:33.933882, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.933907, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57028 smt_wct=3 smb_vwv[ 0]=18075 (0x469B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.934167, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.934194, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.934239, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.934283, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.934748, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.934877, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.934936, 3] smbd/reply.c:4850(reply_close) close fd=127 fnum=18075 (numopen=150) [2011/10/11 16:43:33.934980, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.935040, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat, file_id = 801:1ccfbd:0 gen_id = 636 has kernel oplock state of 1. [2011/10/11 16:43:33.935101, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BDCF [2011/10/11 16:43:33.935149, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.935190, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:32 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.935255, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xda98, type= 0x3, gen_id = 636, uid = 0, flags = 0, file_id 801:1ccfbd:0, name_hash = 0xe8419948 [2011/10/11 16:43:33.935305, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe8419948 [2011/10/11 16:43:33.935350, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BDCF [2011/10/11 16:43:33.935404, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat = 0 [2011/10/11 16:43:33.935449, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat [2011/10/11 16:43:33.935498, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Calc.dat (numopen=149) NT_STATUS_OK [2011/10/11 16:43:33.935544, 5] smbd/files.c:464(file_free) freed files structure 18075 (260 used) [2011/10/11 16:43:33.935590, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.935615, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57028 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.935827, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.936107, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.936156, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.936198, 3] smbd/process.c:1661(process_smb) Transaction 7872 of length 45 (0 toread) [2011/10/11 16:43:33.936239, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.936264, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57092 smt_wct=3 smb_vwv[ 0]=18076 (0x469C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.936547, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.936573, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.936618, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.936661, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.937105, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.937234, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.937289, 3] smbd/reply.c:4850(reply_close) close fd=128 fnum=18076 (numopen=149) [2011/10/11 16:43:33.937332, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.937412, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat, file_id = 801:1ccfbc:0 gen_id = 637 has kernel oplock state of 1. 
[2011/10/11 16:43:33.937473, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BCCF [2011/10/11 16:43:33.937521, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.937563, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.937627, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xdac3, type= 0x3, gen_id = 637, uid = 0, flags = 0, file_id 801:1ccfbc:0, name_hash = 0xc1820ae0 [2011/10/11 16:43:33.937676, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc1820ae0 [2011/10/11 16:43:33.937721, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BCCF [2011/10/11 16:43:33.937774, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat = 0 [2011/10/11 16:43:33.937820, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat [2011/10/11 16:43:33.937867, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.VCL.dat (numopen=148) NT_STATUS_OK [2011/10/11 16:43:33.937912, 5] smbd/files.c:464(file_free) freed files structure 18076 (259 used) [2011/10/11 16:43:33.937958, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.937998, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57092 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.938213, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.938497, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.938548, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.938590, 3] smbd/process.c:1661(process_smb) Transaction 7873 of length 45 (0 toread) [2011/10/11 16:43:33.938632, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.938657, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57156 smt_wct=3 smb_vwv[ 0]=18077 (0x469D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.938919, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.938946, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.938992, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.939035, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.939483, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.939613, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.939669, 3] smbd/reply.c:4850(reply_close) close fd=129 fnum=18077 (numopen=148) [2011/10/11 16:43:33.939712, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.939771, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat, file_id = 801:1ccfbb:0 gen_id = 638 has kernel oplock state of 1. [2011/10/11 16:43:33.939832, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BBCF [2011/10/11 16:43:33.939880, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.939922, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.939986, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xdd0c, type= 0x3, gen_id = 638, uid = 0, flags = 0, file_id 801:1ccfbb:0, name_hash = 0x8930f656 [2011/10/11 16:43:33.940035, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8930f656 [2011/10/11 16:43:33.940080, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BBCF [2011/10/11 16:43:33.940154, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat = 0 [2011/10/11 16:43:33.940201, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for 
file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat [2011/10/11 16:43:33.940249, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.UserProfile.dat (numopen=147) NT_STATUS_OK [2011/10/11 16:43:33.940295, 5] smbd/files.c:464(file_free) freed files structure 18077 (258 used) [2011/10/11 16:43:33.940343, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.940368, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57156 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.940584, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.940864, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.940913, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.940955, 3] smbd/process.c:1661(process_smb) Transaction 7874 of length 45 (0 toread) [2011/10/11 16:43:33.940997, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.941022, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57220 smt_wct=3 smb_vwv[ 0]=18078 (0x469E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.941285, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.941312, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.941358, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.941424, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.941872, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.942002, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.942058, 3] smbd/reply.c:4850(reply_close) close fd=130 fnum=18078 (numopen=147) [2011/10/11 16:43:33.942101, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.942159, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat, file_id = 801:1ccfba:0 gen_id = 639 has kernel oplock state of 1. 
[2011/10/11 16:43:33.942238, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000BACF [2011/10/11 16:43:33.942288, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.942330, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.942395, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xead9, type= 0x3, gen_id = 639, uid = 0, flags = 0, file_id 801:1ccfba:0, name_hash = 0x7753fb05 [2011/10/11 16:43:33.942445, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7753fb05 [2011/10/11 16:43:33.942490, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000BACF [2011/10/11 16:43:33.942545, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat = 0 [2011/10/11 16:43:33.942591, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat [2011/10/11 16:43:33.942639, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Store.dat (numopen=146) NT_STATUS_OK [2011/10/11 16:43:33.942685, 5] smbd/files.c:464(file_free) freed files structure 18078 (257 used) [2011/10/11 16:43:33.942732, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.942757, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57220 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.942973, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.943257, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.943308, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.943351, 3] smbd/process.c:1661(process_smb) Transaction 7875 of length 45 (0 toread) [2011/10/11 16:43:33.943393, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.943418, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57284 smt_wct=3 smb_vwv[ 0]=18079 (0x469F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.943682, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.943709, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.943755, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.943799, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.944267, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.944398, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.944455, 3] smbd/reply.c:4850(reply_close) close fd=131 fnum=18079 (numopen=146) [2011/10/11 16:43:33.944499, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.944558, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat, file_id = 801:1ccfb9:0 gen_id = 640 has kernel oplock state of 1. [2011/10/11 16:43:33.944619, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B9CF [2011/10/11 16:43:33.944667, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.944709, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.944773, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeb1a, type= 0x3, gen_id = 640, uid = 0, flags = 0, file_id 801:1ccfb9:0, name_hash = 0x1dc28607 [2011/10/11 16:43:33.944822, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1dc28607 [2011/10/11 16:43:33.944869, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B9CF [2011/10/11 16:43:33.944924, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat = 0 [2011/10/11 16:43:33.944970, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat [2011/10/11 16:43:33.945017, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.ucb.Configuration.dat (numopen=145) NT_STATUS_OK [2011/10/11 16:43:33.945063, 5] smbd/files.c:464(file_free) freed files structure 18079 (256 used) [2011/10/11 16:43:33.945109, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.945134, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57284 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.945350, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.945654, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.945705, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.945747, 3] smbd/process.c:1661(process_smb) Transaction 7876 of length 45 (0 toread) [2011/10/11 16:43:33.945788, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.945813, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57348 smt_wct=3 smb_vwv[ 0]=18080 (0x46A0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.946074, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.946101, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.946146, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.946190, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 
2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.946659, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.946789, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.946846, 3] smbd/reply.c:4850(reply_close) close fd=132 fnum=18080 (numopen=145) [2011/10/11 16:43:33.946889, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.946950, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat, file_id = 801:1ccfb8:0 gen_id = 641 has kernel oplock state of 1. 
[2011/10/11 16:43:33.947010, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B8CF [2011/10/11 16:43:33.947059, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.947101, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.947166, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeb68, type= 0x3, gen_id = 641, uid = 0, flags = 0, file_id 801:1ccfb8:0, name_hash = 0x1e19a9f7 [2011/10/11 16:43:33.947216, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1e19a9f7 [2011/10/11 16:43:33.947261, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B8CF [2011/10/11 16:43:33.947316, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat = 0 [2011/10/11 16:43:33.947363, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat [2011/10/11 16:43:33.947411, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Types.dat (numopen=144) NT_STATUS_OK [2011/10/11 16:43:33.947457, 5] smbd/files.c:464(file_free) freed files structure 18080 (255 used) [2011/10/11 16:43:33.947504, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.947529, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57348 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.947744, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.948023, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.948072, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.948131, 3] smbd/process.c:1661(process_smb) Transaction 7877 of length 45 (0 toread) [2011/10/11 16:43:33.948173, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.948198, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57412 smt_wct=3 smb_vwv[ 0]=18081 (0x46A1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.948461, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.948488, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.948533, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.948577, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.949024, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.949153, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.949210, 3] smbd/reply.c:4850(reply_close) close fd=133 fnum=18081 (numopen=144) [2011/10/11 16:43:33.949254, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.949312, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat, file_id = 801:1ccfb7:0 gen_id = 642 has kernel oplock state of 1. [2011/10/11 16:43:33.949397, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B7CF [2011/10/11 16:43:33.949473, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.949515, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.949579, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xeb97, type= 0x3, gen_id = 642, uid = 0, flags = 0, file_id 801:1ccfb7:0, name_hash = 0x43184b9d [2011/10/11 16:43:33.949630, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x43184b9d [2011/10/11 16:43:33.949674, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B7CF [2011/10/11 16:43:33.949729, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat = 0 [2011/10/11 16:43:33.949775, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat [2011/10/11 16:43:33.949839, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Misc.dat (numopen=143) NT_STATUS_OK [2011/10/11 16:43:33.949885, 5] smbd/files.c:464(file_free) freed files structure 18081 (254 used) [2011/10/11 16:43:33.949932, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.949958, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57412 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.950173, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.950460, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.950511, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.950554, 3] smbd/process.c:1661(process_smb) Transaction 7878 of length 45 (0 toread) [2011/10/11 16:43:33.950596, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.950621, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57476 smt_wct=3 smb_vwv[ 0]=18082 (0x46A2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.950883, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.950910, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.950956, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.951000, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.951448, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.951577, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.951636, 3] smbd/reply.c:4850(reply_close) close fd=134 fnum=18082 (numopen=143) [2011/10/11 16:43:33.951679, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.951740, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat, file_id = 801:1ccfb6:0 gen_id = 643 has kernel oplock state of 1. 
[2011/10/11 16:43:33.951800, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B6CF [2011/10/11 16:43:33.951849, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.951892, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.951956, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xebd8, type= 0x3, gen_id = 643, uid = 0, flags = 0, file_id 801:1ccfb6:0, name_hash = 0xc6919778 [2011/10/11 16:43:33.952024, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc6919778 [2011/10/11 16:43:33.952073, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B6CF [2011/10/11 16:43:33.952128, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat = 0 [2011/10/11 16:43:33.952174, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat [2011/10/11 16:43:33.952222, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.TypeDetection.Filter.dat (numopen=142) NT_STATUS_OK [2011/10/11 16:43:33.952268, 5] smbd/files.c:464(file_free) freed files structure 18082 (253 used) [2011/10/11 16:43:33.952315, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.952340, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57476 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.952555, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.952836, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.953184, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.953260, 3] smbd/process.c:1661(process_smb) Transaction 7879 of length 45 (0 toread) [2011/10/11 16:43:33.953303, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.953328, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57540 smt_wct=3 smb_vwv[ 0]=18083 (0x46A3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.953620, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.953651, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.953701, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.953746, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.954201, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.954337, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.954412, 3] smbd/reply.c:4850(reply_close) close fd=135 fnum=18083 (numopen=142) [2011/10/11 16:43:33.954482, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.954550, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat, file_id = 801:1ccfb5:0 gen_id = 644 has kernel oplock state of 1. [2011/10/11 16:43:33.954617, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B5CF [2011/10/11 16:43:33.954671, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.954713, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:20:30 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.954780, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xec26, type= 0x3, gen_id = 644, uid = 0, flags = 0, file_id 801:1ccfb5:0, name_hash = 0x699afa9e [2011/10/11 16:43:33.954833, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x699afa9e [2011/10/11 16:43:33.954880, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B5CF [2011/10/11 16:43:33.954935, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat = 0 [2011/10/11 16:43:33.954982, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat [2011/10/11 16:43:33.955032, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.System.dat (numopen=141) NT_STATUS_OK [2011/10/11 16:43:33.955078, 5] smbd/files.c:464(file_free) freed files structure 18083 (252 used) [2011/10/11 16:43:33.955127, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.955152, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57540 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.955367, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.955675, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.955728, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.955770, 3] smbd/process.c:1661(process_smb) Transaction 7880 of length 45 (0 toread) [2011/10/11 16:43:33.955812, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.955837, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57604 smt_wct=3 smb_vwv[ 0]=18084 (0x46A4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.956096, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.956124, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.956169, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.956214, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 
3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.956680, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.956811, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.956872, 3] smbd/reply.c:4850(reply_close) close fd=136 fnum=18084 (numopen=141) [2011/10/11 16:43:33.956915, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.956976, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat, file_id = 801:1ccfb4:0 gen_id = 645 has kernel oplock state of 1. 
[2011/10/11 16:43:33.957037, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B4CF [2011/10/11 16:43:33.957087, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.957129, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.957193, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xee0c, type= 0x3, gen_id = 645, uid = 0, flags = 0, file_id 801:1ccfb4:0, name_hash = 0xf04a1dba [2011/10/11 16:43:33.957243, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf04a1dba [2011/10/11 16:43:33.957289, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B4CF [2011/10/11 16:43:33.957344, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat = 0 [2011/10/11 16:43:33.957414, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat [2011/10/11 16:43:33.957462, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Setup.dat (numopen=140) NT_STATUS_OK [2011/10/11 16:43:33.957508, 5] smbd/files.c:464(file_free) freed files structure 18084 (251 used) [2011/10/11 16:43:33.957556, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.957581, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57604 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.957796, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.958086, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.958136, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.958178, 3] smbd/process.c:1661(process_smb) Transaction 7881 of length 45 (0 toread) [2011/10/11 16:43:33.958220, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.958245, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57668 smt_wct=3 smb_vwv[ 0]=18085 (0x46A5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.958524, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.958552, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.958597, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.958642, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.959089, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.959220, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.959277, 3] smbd/reply.c:4850(reply_close) close fd=137 fnum=18085 (numopen=140) [2011/10/11 16:43:33.959320, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.959380, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat, file_id = 801:1ccfb3:0 gen_id = 646 has kernel oplock state of 1. [2011/10/11 16:43:33.959440, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B3CF [2011/10/11 16:43:33.959489, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.959531, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.959595, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfb59, type= 0x3, gen_id = 646, uid = 0, flags = 0, file_id 801:1ccfb3:0, name_hash = 0x54a4a536 [2011/10/11 16:43:33.959644, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x54a4a536 [2011/10/11 16:43:33.959689, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B3CF [2011/10/11 16:43:33.959744, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat = 0 [2011/10/11 16:43:33.959790, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat [2011/10/11 16:43:33.959837, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.WriterWeb.dat (numopen=139) NT_STATUS_OK [2011/10/11 16:43:33.959883, 5] smbd/files.c:464(file_free) freed files structure 18085 (250 used) [2011/10/11 16:43:33.959929, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.959954, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57668 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.960184, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.960462, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.960511, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.960553, 3] smbd/process.c:1661(process_smb) Transaction 7882 of length 45 (0 toread) [2011/10/11 16:43:33.960595, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.960620, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57732 smt_wct=3 smb_vwv[ 0]=18086 (0x46A6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.960880, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.960907, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.960952, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.960996, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 
2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.961461, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.961590, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.961646, 3] smbd/reply.c:4850(reply_close) close fd=138 fnum=18086 (numopen=139) [2011/10/11 16:43:33.961689, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.961748, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat, file_id = 801:1ccfb2:0 gen_id = 647 has kernel oplock state of 1. 
[2011/10/11 16:43:33.961808, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B2CF [2011/10/11 16:43:33.961856, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.961898, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.961962, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfb9a, type= 0x3, gen_id = 647, uid = 0, flags = 0, file_id 801:1ccfb2:0, name_hash = 0x3d123502 [2011/10/11 16:43:33.962012, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d123502 [2011/10/11 16:43:33.962057, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B2CF [2011/10/11 16:43:33.962128, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat = 0 [2011/10/11 16:43:33.962175, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat [2011/10/11 16:43:33.962222, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Writer.dat (numopen=138) NT_STATUS_OK [2011/10/11 16:43:33.962267, 5] smbd/files.c:464(file_free) freed files structure 18086 (249 used) [2011/10/11 16:43:33.962313, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.962338, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57732 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.962552, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.962836, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.962886, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.962928, 3] smbd/process.c:1661(process_smb) Transaction 7883 of length 45 (0 toread) [2011/10/11 16:43:33.962970, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.962995, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57796 smt_wct=3 smb_vwv[ 0]=18087 (0x46A7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.963255, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.963282, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.963327, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.963371, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.963817, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.963946, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.964004, 3] smbd/reply.c:4850(reply_close) close fd=139 fnum=18087 (numopen=138) [2011/10/11 16:43:33.964047, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.964106, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat, file_id = 801:1ccfb1:0 gen_id = 648 has kernel oplock state of 1. [2011/10/11 16:43:33.964167, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B1CF [2011/10/11 16:43:33.964233, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.964276, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.964339, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfbd7, type= 0x3, gen_id = 648, uid = 0, flags = 0, file_id 801:1ccfb1:0, name_hash = 0xb703fc97 [2011/10/11 16:43:33.964389, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb703fc97 [2011/10/11 16:43:33.964434, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B1CF [2011/10/11 16:43:33.964488, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat = 0 [2011/10/11 16:43:33.964534, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat [2011/10/11 16:43:33.964581, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Views.dat (numopen=137) NT_STATUS_OK [2011/10/11 16:43:33.964626, 5] smbd/files.c:464(file_free) freed files structure 18087 (248 used) [2011/10/11 16:43:33.964672, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.964697, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57796 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.964911, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.965183, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.965232, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.965274, 3] smbd/process.c:1661(process_smb) Transaction 7884 of length 45 (0 toread) [2011/10/11 16:43:33.965316, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.965340, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57860 smt_wct=3 smb_vwv[ 0]=18088 (0x46A8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.965621, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.965648, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.965693, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.965736, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.966181, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.966327, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.966386, 3] smbd/reply.c:4850(reply_close) close fd=140 fnum=18088 (numopen=137) [2011/10/11 16:43:33.966428, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.966487, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat, file_id = 801:1ccfb0:0 gen_id = 649 has kernel oplock state of 1. 
[2011/10/11 16:43:33.966548, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000B0CF [2011/10/11 16:43:33.966596, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.966638, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:06 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.966702, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfc1b, type= 0x3, gen_id = 649, uid = 0, flags = 0, file_id 801:1ccfb0:0, name_hash = 0xede4e915 [2011/10/11 16:43:33.966751, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xede4e915 [2011/10/11 16:43:33.966796, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000B0CF [2011/10/11 16:43:33.966851, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat = 0 [2011/10/11 16:43:33.966897, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat [2011/10/11 16:43:33.966944, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat (numopen=136) NT_STATUS_OK [2011/10/11 16:43:33.966990, 5] smbd/files.c:464(file_free) freed files structure 18088 (247 used) [2011/10/11 16:43:33.967036, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.967061, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=57860 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.967277, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.967558, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.967609, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.967651, 3] smbd/process.c:1661(process_smb) Transaction 7885 of length 45 (0 toread) [2011/10/11 16:43:33.967693, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.967718, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57924 smt_wct=3 smb_vwv[ 0]=18089 (0x46A9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.967979, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.968007, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.968052, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.968095, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.968561, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.968691, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.968748, 3] smbd/reply.c:4850(reply_close) close fd=141 fnum=18089 (numopen=136) [2011/10/11 16:43:33.968791, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.968851, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat, file_id = 801:1ccfaf:0 gen_id = 650 has kernel oplock state of 1. [2011/10/11 16:43:33.968911, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AFCF [2011/10/11 16:43:33.968960, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.969001, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:06 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.969066, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfc66, type= 0x3, gen_id = 650, uid = 0, flags = 0, file_id 801:1ccfaf:0, name_hash = 0xd9e1ced7 [2011/10/11 16:43:33.969116, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd9e1ced7 [2011/10/11 16:43:33.969161, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AFCF [2011/10/11 16:43:33.969215, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat = 0 [2011/10/11 16:43:33.969261, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat [2011/10/11 16:43:33.969309, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat (numopen=135) NT_STATUS_OK [2011/10/11 16:43:33.969354, 5] smbd/files.c:464(file_free) freed files structure 18089 (246 used) [2011/10/11 16:43:33.969423, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.969448, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57924 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.969663, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.969947, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.969998, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.970058, 3] smbd/process.c:1661(process_smb) Transaction 7886 of length 45 (0 toread) [2011/10/11 16:43:33.970100, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.970125, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=57988 smt_wct=3 smb_vwv[ 0]=18090 (0x46AA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.970385, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.970413, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.970458, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.970502, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.970948, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.971077, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.971133, 3] smbd/reply.c:4850(reply_close) close fd=142 fnum=18090 (numopen=135) [2011/10/11 16:43:33.971175, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.971234, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat, file_id = 801:1ccfae:0 gen_id = 651 has kernel oplock state of 1. 
[2011/10/11 16:43:33.971296, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AECF [2011/10/11 16:43:33.971345, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.971387, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.971450, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfca7, type= 0x3, gen_id = 651, uid = 0, flags = 0, file_id 801:1ccfae:0, name_hash = 0x31f4c8b7 [2011/10/11 16:43:33.971500, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x31f4c8b7 [2011/10/11 16:43:33.971545, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AECF [2011/10/11 16:43:33.971599, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat = 0 [2011/10/11 16:43:33.971645, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat [2011/10/11 16:43:33.971707, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat (numopen=134) NT_STATUS_OK [2011/10/11 16:43:33.971753, 5] smbd/files.c:464(file_free) freed files structure 18090 (245 used) [2011/10/11 16:43:33.971800, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.971825, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 
smb_mid=57988 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.972038, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.972316, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.972365, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.972407, 3] smbd/process.c:1661(process_smb) Transaction 7887 of length 45 (0 toread) [2011/10/11 16:43:33.972449, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.972473, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58052 smt_wct=3 smb_vwv[ 0]=18091 (0x46AB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.972732, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.972759, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.972804, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.972847, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.973291, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.973441, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.973496, 3] smbd/reply.c:4850(reply_close) close fd=143 fnum=18091 (numopen=134) [2011/10/11 16:43:33.973538, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.973596, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat, file_id = 801:1ccfad:0 gen_id = 652 has kernel oplock state of 1. [2011/10/11 16:43:33.973656, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000ADCF [2011/10/11 16:43:33.973708, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.973750, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:27 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.973830, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfe8c, type= 0x3, gen_id = 652, uid = 0, flags = 0, file_id 801:1ccfad:0, name_hash = 0xde137218 [2011/10/11 16:43:33.973880, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xde137218 [2011/10/11 16:43:33.973928, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000ADCF [2011/10/11 16:43:33.973983, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat = 0 [2011/10/11 16:43:33.974028, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat [2011/10/11 16:43:33.974076, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat (numopen=133) NT_STATUS_OK [2011/10/11 16:43:33.974121, 5] smbd/files.c:464(file_free) freed files structure 18091 (244 used) [2011/10/11 16:43:33.974168, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.974193, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58052 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.974407, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.974690, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.974740, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.974783, 3] smbd/process.c:1661(process_smb) Transaction 7888 of length 45 (0 toread) [2011/10/11 16:43:33.974824, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.974849, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58116 smt_wct=3 smb_vwv[ 0]=18092 (0x46AC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.975110, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.975137, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.975183, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.975226, 5] 
../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.975670, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.975799, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.975872, 3] smbd/reply.c:4850(reply_close) close fd=144 fnum=18092 (numopen=133) [2011/10/11 16:43:33.975916, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.975975, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat, file_id = 801:1ccfac:0 gen_id = 653 has kernel oplock state of 1. 
[2011/10/11 16:43:33.976037, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000ACCF [2011/10/11 16:43:33.976085, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.976128, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.976191, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xb99, type= 0x3, gen_id = 653, uid = 0, flags = 0, file_id 801:1ccfac:0, name_hash = 0xfd175e84 [2011/10/11 16:43:33.976242, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xfd175e84 [2011/10/11 16:43:33.976286, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000ACCF [2011/10/11 16:43:33.976341, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat = 0 [2011/10/11 16:43:33.976387, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat [2011/10/11 16:43:33.976435, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Factories.dat (numopen=132) NT_STATUS_OK [2011/10/11 16:43:33.976481, 5] smbd/files.c:464(file_free) freed files structure 18092 (243 used) [2011/10/11 16:43:33.976527, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.976552, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58116 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.976768, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.977045, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.977095, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.977137, 3] smbd/process.c:1661(process_smb) Transaction 7889 of length 45 (0 toread) [2011/10/11 16:43:33.977178, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.977203, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58180 smt_wct=3 smb_vwv[ 0]=18093 (0x46AD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.977487, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.977515, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.977560, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.977604, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.978069, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.978198, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.978255, 3] smbd/reply.c:4850(reply_close) close fd=145 fnum=18093 (numopen=132) [2011/10/11 16:43:33.978299, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.978357, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat, file_id = 801:1ccfab:0 gen_id = 654 has kernel oplock state of 1. [2011/10/11 16:43:33.978418, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000ABCF [2011/10/11 16:43:33.978470, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.978512, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:22 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.978576, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xbd7, type= 0x3, gen_id = 654, uid = 0, flags = 0, file_id 801:1ccfab:0, name_hash = 0x3717474e [2011/10/11 16:43:33.978626, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3717474e [2011/10/11 16:43:33.978673, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000ABCF [2011/10/11 16:43:33.978728, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat = 0 [2011/10/11 16:43:33.978774, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat [2011/10/11 16:43:33.978822, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.dat (numopen=131) NT_STATUS_OK [2011/10/11 16:43:33.978868, 5] smbd/files.c:464(file_free) freed files structure 18093 (242 used) [2011/10/11 16:43:33.978915, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.978940, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58180 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.979156, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.979439, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.979491, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.979533, 3] smbd/process.c:1661(process_smb) Transaction 7890 of length 45 (0 toread) [2011/10/11 16:43:33.979575, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.979600, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58244 smt_wct=3 smb_vwv[ 0]=18094 (0x46AE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.979881, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.979908, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.979954, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.979998, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.980445, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.980574, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.980631, 3] smbd/reply.c:4850(reply_close) close fd=146 fnum=18094 (numopen=131) [2011/10/11 16:43:33.980674, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.980733, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat, file_id = 801:1ccfaa:0 gen_id = 655 has kernel oplock state of 1. 
[2011/10/11 16:43:33.980794, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AACF [2011/10/11 16:43:33.980843, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.980886, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:26 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.980949, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc1a, type= 0x3, gen_id = 655, uid = 0, flags = 0, file_id 801:1ccfaa:0, name_hash = 0x663176af [2011/10/11 16:43:33.980999, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x663176af [2011/10/11 16:43:33.981044, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AACF [2011/10/11 16:43:33.981099, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat = 0 [2011/10/11 16:43:33.981144, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat [2011/10/11 16:43:33.981192, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.UI.Controller.dat (numopen=130) NT_STATUS_OK [2011/10/11 16:43:33.981238, 5] smbd/files.c:464(file_free) freed files structure 18094 (241 used) [2011/10/11 16:43:33.981298, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.981324, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58244 smt_wct=0 
smb_bcc=0 [2011/10/11 16:43:33.981558, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.981839, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.981890, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.981932, 3] smbd/process.c:1661(process_smb) Transaction 7891 of length 45 (0 toread) [2011/10/11 16:43:33.981974, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.981999, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58308 smt_wct=3 smb_vwv[ 0]=18095 (0x46AF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.982259, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.982286, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.982332, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.982376, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.982821, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of 
user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.982949, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.983004, 3] smbd/reply.c:4850(reply_close) close fd=147 fnum=18095 (numopen=130) [2011/10/11 16:43:33.983047, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.983106, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat, file_id = 801:1ccfa9:0 gen_id = 656 has kernel oplock state of 1. [2011/10/11 16:43:33.983166, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A9CF [2011/10/11 16:43:33.983215, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.983257, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.983321, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc5b, type= 0x3, gen_id = 656, uid = 0, flags = 0, file_id 801:1ccfa9:0, name_hash = 0xf9fca62b [2011/10/11 16:43:33.983371, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf9fca62b [2011/10/11 16:43:33.983433, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A9CF [2011/10/11 16:43:33.983489, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat = 0 [2011/10/11 16:43:33.983535, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat [2011/10/11 16:43:33.983583, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TypeDetection.dat (numopen=129) NT_STATUS_OK [2011/10/11 16:43:33.983628, 5] smbd/files.c:464(file_free) freed files structure 18095 (240 used) [2011/10/11 16:43:33.983675, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.983700, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58308 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.983913, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.984191, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.984241, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.984282, 3] smbd/process.c:1661(process_smb) Transaction 7892 of length 45 (0 toread) [2011/10/11 16:43:33.984324, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.984349, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58372 smt_wct=3 smb_vwv[ 0]=18096 (0x46B0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.984608, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.984634, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.984679, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.984723, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 
1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.985166, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.985294, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.985348, 3] smbd/reply.c:4850(reply_close) close fd=148 fnum=18096 (numopen=129) [2011/10/11 16:43:33.985413, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.985471, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat, file_id = 801:1ccfa8:0 gen_id = 657 has kernel oplock state of 1. 
[2011/10/11 16:43:33.985548, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A8CF [2011/10/11 16:43:33.985596, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.985639, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:21 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.985702, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xc98, type= 0x3, gen_id = 657, uid = 0, flags = 0, file_id 801:1ccfa8:0, name_hash = 0x4d40983a [2011/10/11 16:43:33.985751, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4d40983a [2011/10/11 16:43:33.985796, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A8CF [2011/10/11 16:43:33.985851, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat = 0 [2011/10/11 16:43:33.985896, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat [2011/10/11 16:43:33.985944, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.TabBrowse.dat (numopen=128) NT_STATUS_OK [2011/10/11 16:43:33.985989, 5] smbd/files.c:464(file_free) freed files structure 18096 (239 used) [2011/10/11 16:43:33.986035, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.986060, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58372 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:33.986273, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.986581, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.986631, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.986672, 3] smbd/process.c:1661(process_smb) Transaction 7893 of length 45 (0 toread) [2011/10/11 16:43:33.986714, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.986739, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58436 smt_wct=3 smb_vwv[ 0]=18097 (0x46B1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.986998, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.987025, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.987070, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.987114, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.987574, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.987703, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.987759, 3] smbd/reply.c:4850(reply_close) close fd=149 fnum=18097 (numopen=128) [2011/10/11 16:43:33.987802, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.987861, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat, file_id = 801:1ccfa7:0 gen_id = 658 has kernel oplock state of 1. [2011/10/11 16:43:33.987921, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A7CF [2011/10/11 16:43:33.987969, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.988011, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.988075, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xce7, type= 0x3, gen_id = 658, uid = 0, flags = 0, file_id 801:1ccfa7:0, name_hash = 0x2777ad99 [2011/10/11 16:43:33.988125, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2777ad99 [2011/10/11 16:43:33.988172, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A7CF [2011/10/11 16:43:33.988227, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat = 0 [2011/10/11 16:43:33.988272, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat [2011/10/11 16:43:33.988320, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Substitution.dat (numopen=127) NT_STATUS_OK [2011/10/11 16:43:33.988366, 5] smbd/files.c:464(file_free) freed files structure 18097 (238 used) [2011/10/11 16:43:33.988412, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.988437, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58436 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.988653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.988934, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.988984, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.989026, 3] smbd/process.c:1661(process_smb) Transaction 7894 of length 45 (0 toread) [2011/10/11 16:43:33.989067, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.989092, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58500 smt_wct=3 smb_vwv[ 0]=18098 (0x46B2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.989354, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.989400, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.989447, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.989509, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 
1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.989955, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.990084, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.990140, 3] smbd/reply.c:4850(reply_close) close fd=150 fnum=18098 (numopen=127) [2011/10/11 16:43:33.990183, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.990242, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat, file_id = 801:1ccfa6:0 gen_id = 659 has kernel oplock state of 1. 
[2011/10/11 16:43:33.990302, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A6CF [2011/10/11 16:43:33.990350, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.990392, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:22:36 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.990456, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xfc4, type= 0x3, gen_id = 659, uid = 0, flags = 0, file_id 801:1ccfa6:0, name_hash = 0x92eae451 [2011/10/11 16:43:33.990505, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x92eae451 [2011/10/11 16:43:33.990550, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A6CF [2011/10/11 16:43:33.990605, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat = 0 [2011/10/11 16:43:33.990650, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat [2011/10/11 16:43:33.990697, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.SFX.dat (numopen=126) NT_STATUS_OK [2011/10/11 16:43:33.990743, 5] smbd/files.c:464(file_free) freed files structure 18098 (237 used) [2011/10/11 16:43:33.990787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.990812, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58500 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:33.991026, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.991308, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.991375, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.991417, 3] smbd/process.c:1661(process_smb) Transaction 7895 of length 45 (0 toread) [2011/10/11 16:43:33.991459, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.991484, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58564 smt_wct=3 smb_vwv[ 0]=18099 (0x46B3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.991746, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.991773, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.991819, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.991862, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.992309, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.992438, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.992493, 3] smbd/reply.c:4850(reply_close) close fd=151 fnum=18099 (numopen=126) [2011/10/11 16:43:33.992536, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.992595, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat, file_id = 801:1ccfa5:0 gen_id = 660 has kernel oplock state of 1. [2011/10/11 16:43:33.992656, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A5CF [2011/10/11 16:43:33.992704, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.992746, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.992811, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1c59, type= 0x3, gen_id = 660, uid = 0, flags = 0, file_id 801:1ccfa5:0, name_hash = 0xbafbf63f [2011/10/11 16:43:33.992860, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbafbf63f [2011/10/11 16:43:33.992905, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A5CF [2011/10/11 16:43:33.992960, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat = 0 [2011/10/11 16:43:33.993005, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat [2011/10/11 16:43:33.993068, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Recovery.dat (numopen=125) NT_STATUS_OK [2011/10/11 16:43:33.993114, 5] smbd/files.c:464(file_free) freed files structure 18099 (236 used) [2011/10/11 16:43:33.993160, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.993186, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58564 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.993421, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.993702, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.993753, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.993795, 3] smbd/process.c:1661(process_smb) Transaction 7896 of length 45 (0 toread) [2011/10/11 16:43:33.993837, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.993861, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58628 smt_wct=3 smb_vwv[ 0]=18100 (0x46B4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.994122, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.994149, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.994194, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.994237, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.994683, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.994811, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.994866, 3] smbd/reply.c:4850(reply_close) close fd=152 fnum=18100 (numopen=125) [2011/10/11 16:43:33.994908, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.994967, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat, file_id = 801:1ccfa4:0 gen_id = 661 has kernel oplock state of 1. 
[2011/10/11 16:43:33.995028, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A4CF [2011/10/11 16:43:33.995080, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:33.995122, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.995204, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1c97, type= 0x3, gen_id = 661, uid = 0, flags = 0, file_id 801:1ccfa4:0, name_hash = 0x296b1293 [2011/10/11 16:43:33.995254, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x296b1293 [2011/10/11 16:43:33.995303, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A4CF [2011/10/11 16:43:33.995358, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat = 0 [2011/10/11 16:43:33.995404, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat [2011/10/11 16:43:33.995451, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat (numopen=124) NT_STATUS_OK [2011/10/11 16:43:33.995497, 5] smbd/files.c:464(file_free) freed files structure 18100 (235 used) [2011/10/11 16:43:33.995545, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.995570, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58628 
smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.995785, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.996070, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.996119, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.996161, 3] smbd/process.c:1661(process_smb) Transaction 7897 of length 45 (0 toread) [2011/10/11 16:43:33.996203, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.996228, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58692 smt_wct=3 smb_vwv[ 0]=18101 (0x46B5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.996489, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.996515, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.996560, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.996604, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.997050, 5] auth/token_util.c:527(debug_unix_user_token) UNIX 
token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.997179, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.997250, 3] smbd/reply.c:4850(reply_close) close fd=153 fnum=18101 (numopen=124) [2011/10/11 16:43:33.997293, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.997351, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat, file_id = 801:1ccfa3:0 gen_id = 662 has kernel oplock state of 1. [2011/10/11 16:43:33.997434, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A3CF [2011/10/11 16:43:33.997482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.997524, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:11 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.997587, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1cda, type= 0x3, gen_id = 662, uid = 0, flags = 0, file_id 801:1ccfa3:0, name_hash = 0xc61b58e9 [2011/10/11 16:43:33.997637, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc61b58e9 [2011/10/11 16:43:33.997682, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A3CF [2011/10/11 16:43:33.997738, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat = 0 [2011/10/11 16:43:33.997783, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat [2011/10/11 16:43:33.997831, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Paths.dat (numopen=123) NT_STATUS_OK [2011/10/11 16:43:33.997876, 5] smbd/files.c:464(file_free) freed files structure 18101 (234 used) [2011/10/11 16:43:33.997922, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.997947, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58692 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:33.998160, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.998442, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:33.998493, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:33.998534, 3] smbd/process.c:1661(process_smb) Transaction 7898 of length 45 (0 toread) [2011/10/11 16:43:33.998576, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:33.998601, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58756 smt_wct=3 smb_vwv[ 0]=18102 (0x46B6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:33.998860, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:33.998887, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:33.998932, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:33.998976, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:33.999440, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:33.999570, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:33.999628, 3] smbd/reply.c:4850(reply_close) close fd=154 fnum=18102 (numopen=123) [2011/10/11 16:43:33.999670, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:33.999730, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat, file_id = 801:1ccfa2:0 gen_id = 663 has kernel oplock state of 1. 
[2011/10/11 16:43:33.999790, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A2CF [2011/10/11 16:43:33.999838, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:33.999881, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:33.999945, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1d1b, type= 0x3, gen_id = 663, uid = 0, flags = 0, file_id 801:1ccfa2:0, name_hash = 0xa7d1bbd6 [2011/10/11 16:43:33.999994, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa7d1bbd6 [2011/10/11 16:43:34.000039, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A2CF [2011/10/11 16:43:34.000094, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat = 0 [2011/10/11 16:43:34.000140, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat [2011/10/11 16:43:34.000187, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Logging.dat (numopen=122) NT_STATUS_OK [2011/10/11 16:43:34.000232, 5] smbd/files.c:464(file_free) freed files structure 18102 (233 used) [2011/10/11 16:43:34.000278, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.000304, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58756 smt_wct=0 smb_bcc=0 
[2011/10/11 16:43:34.000520, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.000798, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.000847, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.000888, 3] smbd/process.c:1661(process_smb) Transaction 7899 of length 45 (0 toread) [2011/10/11 16:43:34.000930, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.000955, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58820 smt_wct=3 smb_vwv[ 0]=18103 (0x46B7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.001236, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.001263, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.001308, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.001352, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.001822, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 
Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.001953, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.002007, 3] smbd/reply.c:4850(reply_close) close fd=155 fnum=18103 (numopen=122) [2011/10/11 16:43:34.002050, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.002110, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat, file_id = 801:1ccfa1:0 gen_id = 664 has kernel oplock state of 1. [2011/10/11 16:43:34.002170, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A1CF [2011/10/11 16:43:34.002219, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.002261, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.002325, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1d58, type= 0x3, gen_id = 664, uid = 0, flags = 0, file_id 801:1ccfa1:0, name_hash = 0xf81b799c [2011/10/11 16:43:34.002374, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf81b799c [2011/10/11 16:43:34.002419, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A1CF [2011/10/11 16:43:34.002474, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat = 0 [2011/10/11 16:43:34.002520, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat [2011/10/11 16:43:34.002567, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Linguistic.dat (numopen=121) NT_STATUS_OK [2011/10/11 16:43:34.002613, 5] smbd/files.c:464(file_free) freed files structure 18103 (232 used) [2011/10/11 16:43:34.002674, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.002699, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58820 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.002915, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.003198, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.003249, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.003291, 3] smbd/process.c:1661(process_smb) Transaction 7900 of length 45 (0 toread) [2011/10/11 16:43:34.003333, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.003358, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58884 smt_wct=3 smb_vwv[ 0]=18104 (0x46B8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.003619, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.003646, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.003691, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.003735, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: 
S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.004182, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.004312, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.004368, 3] smbd/reply.c:4850(reply_close) close fd=156 fnum=18104 (numopen=121) [2011/10/11 16:43:34.004410, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.004470, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat, file_id = 801:1ccfa0:0 gen_id = 665 has kernel oplock state of 1. 
[2011/10/11 16:43:34.004532, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A0CF [2011/10/11 16:43:34.004581, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.004624, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.004688, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1da7, type= 0x3, gen_id = 665, uid = 0, flags = 0, file_id 801:1ccfa0:0, name_hash = 0xc4c84c9 [2011/10/11 16:43:34.004737, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc4c84c9 [2011/10/11 16:43:34.004799, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A0CF [2011/10/11 16:43:34.004855, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat = 0 [2011/10/11 16:43:34.004901, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat [2011/10/11 16:43:34.004949, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Jobs.dat (numopen=120) NT_STATUS_OK [2011/10/11 16:43:34.004994, 5] smbd/files.c:464(file_free) freed files structure 18104 (231 used) [2011/10/11 16:43:34.005040, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.005066, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58884 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.005281, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.005561, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.005613, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.005655, 3] smbd/process.c:1661(process_smb) Transaction 7901 of length 45 (0 toread) [2011/10/11 16:43:34.005697, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.005722, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58948 smt_wct=3 smb_vwv[ 0]=18105 (0x46B9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.005985, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.006012, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.006058, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.006102, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.006551, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.006682, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.006737, 3] smbd/reply.c:4850(reply_close) close fd=157 fnum=18105 (numopen=120) [2011/10/11 16:43:34.006780, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.006840, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat, file_id = 801:1ccf9f:0 gen_id = 666 has kernel oplock state of 1. [2011/10/11 16:43:34.006920, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009FCF [2011/10/11 16:43:34.006970, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.007013, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:16 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.007077, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x1f84, type= 0x3, gen_id = 666, uid = 0, flags = 0, file_id 801:1ccf9f:0, name_hash = 0xab4dcefd [2011/10/11 16:43:34.007126, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xab4dcefd [2011/10/11 16:43:34.007172, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009FCF [2011/10/11 16:43:34.007227, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat = 0 [2011/10/11 16:43:34.007273, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat [2011/10/11 16:43:34.007321, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Java.dat (numopen=119) NT_STATUS_OK [2011/10/11 16:43:34.007366, 5] smbd/files.c:464(file_free) freed files structure 18105 (230 used) [2011/10/11 16:43:34.007413, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.007438, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=58948 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.007654, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.007936, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.007986, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.008029, 3] smbd/process.c:1661(process_smb) Transaction 7902 of length 45 (0 toread) [2011/10/11 16:43:34.008070, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.008095, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59012 smt_wct=3 smb_vwv[ 0]=18106 (0x46BA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.008358, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.008385, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.008430, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.008474, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.008939, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.009069, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.009124, 3] smbd/reply.c:4850(reply_close) close fd=158 fnum=18106 (numopen=119) [2011/10/11 16:43:34.009166, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.009225, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat, file_id = 801:1ccf9e:0 gen_id = 667 has kernel oplock state of 1. 
[2011/10/11 16:43:34.009286, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009ECF [2011/10/11 16:43:34.009334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.009397, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.009462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c19, type= 0x3, gen_id = 667, uid = 0, flags = 0, file_id 801:1ccf9e:0, name_hash = 0x935a0cf7 [2011/10/11 16:43:34.009512, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x935a0cf7 [2011/10/11 16:43:34.009557, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009ECF [2011/10/11 16:43:34.009612, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat = 0 [2011/10/11 16:43:34.009658, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat [2011/10/11 16:43:34.009705, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Events.dat (numopen=118) NT_STATUS_OK [2011/10/11 16:43:34.009751, 5] smbd/files.c:464(file_free) freed files structure 18106 (229 used) [2011/10/11 16:43:34.009795, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.009820, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59012 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.010035, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.010314, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.010364, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.010406, 3] smbd/process.c:1661(process_smb) Transaction 7903 of length 45 (0 toread) [2011/10/11 16:43:34.010448, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.010474, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59076 smt_wct=3 smb_vwv[ 0]=18107 (0x46BB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.010735, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.010762, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.010808, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.010851, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.011319, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.011450, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.011504, 3] smbd/reply.c:4850(reply_close) close fd=159 fnum=18107 (numopen=118) [2011/10/11 16:43:34.011547, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.011606, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat, file_id = 801:1ccf9d:0 gen_id = 668 has kernel oplock state of 1. [2011/10/11 16:43:34.011668, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009DCF [2011/10/11 16:43:34.011716, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9d0 [2011/10/11 16:43:34.011758, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:05 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.011822, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c57, type= 0x3, gen_id = 668, uid = 0, flags = 0, file_id 801:1ccf9d:0, name_hash = 0x5bbd5eaa [2011/10/11 16:43:34.011871, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5bbd5eaa [2011/10/11 16:43:34.011917, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009DCF [2011/10/11 16:43:34.011971, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat = 0 [2011/10/11 16:43:34.012017, 10] 
locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat [2011/10/11 16:43:34.012065, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Compatibility.dat (numopen=117) NT_STATUS_OK [2011/10/11 16:43:34.012110, 5] smbd/files.c:464(file_free) freed files structure 18107 (228 used) [2011/10/11 16:43:34.012157, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.012182, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59076 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.012397, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.012675, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.012739, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.012781, 3] smbd/process.c:1661(process_smb) Transaction 7904 of length 45 (0 toread) [2011/10/11 16:43:34.012823, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.012848, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59140 smt_wct=3 smb_vwv[ 0]=18108 (0x46BC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.013108, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.013135, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.013180, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.013224, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 
1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.013688, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.013818, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.013872, 3] smbd/reply.c:4850(reply_close) close fd=160 fnum=18108 (numopen=117) [2011/10/11 16:43:34.013915, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.013974, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat, file_id = 801:1ccf6d:0 gen_id = 669 has kernel oplock state of 1. 
[2011/10/11 16:43:34.014035, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006DCF [2011/10/11 16:43:34.014083, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.014125, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:10 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.014190, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c9a, type= 0x3, gen_id = 669, uid = 0, flags = 0, file_id 801:1ccf6d:0, name_hash = 0x66b35b2 [2011/10/11 16:43:34.014239, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x66b35b2 [2011/10/11 16:43:34.014284, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006DCF [2011/10/11 16:43:34.014339, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat = 0 [2011/10/11 16:43:34.014384, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat [2011/10/11 16:43:34.014446, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Common.dat (numopen=116) NT_STATUS_OK [2011/10/11 16:43:34.014492, 5] smbd/files.c:464(file_free) freed files structure 18108 (227 used) [2011/10/11 16:43:34.014538, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.014563, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59140 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.014778, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.015061, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.015112, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.015154, 3] smbd/process.c:1661(process_smb) Transaction 7905 of length 45 (0 toread) [2011/10/11 16:43:34.015196, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.015220, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59204 smt_wct=3 smb_vwv[ 0]=18109 (0x46BD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.015481, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.015509, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.015554, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.015598, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.016044, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.016173, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.016228, 3] smbd/reply.c:4850(reply_close) close fd=161 fnum=18109 (numopen=116) [2011/10/11 16:43:34.016270, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.016329, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat, file_id = 801:1ccece:0 gen_id = 670 has kernel oplock state of 1. [2011/10/11 16:43:34.016389, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000CECE [2011/10/11 16:43:34.016442, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.016484, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.016565, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2cdb, type= 0x3, gen_id = 670, uid = 0, flags = 0, file_id 801:1ccece:0, name_hash = 0x610c7237 [2011/10/11 16:43:34.016616, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x610c7237 [2011/10/11 16:43:34.016668, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000CECE [2011/10/11 16:43:34.016722, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat = 0 [2011/10/11 16:43:34.016768, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat [2011/10/11 16:43:34.016816, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Commands.dat (numopen=115) NT_STATUS_OK [2011/10/11 16:43:34.016861, 5] smbd/files.c:464(file_free) freed files structure 18109 (226 used) [2011/10/11 16:43:34.016907, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.016932, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59204 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.017148, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.017432, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.017482, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.017524, 3] smbd/process.c:1661(process_smb) Transaction 7906 of length 45 (0 toread) [2011/10/11 16:43:34.017566, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.017591, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59268 smt_wct=3 smb_vwv[ 0]=18110 (0x46BE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.017853, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.017880, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.017926, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.017969, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: 
S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.018416, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.018546, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.018603, 3] smbd/reply.c:4850(reply_close) close fd=162 fnum=18110 (numopen=115) [2011/10/11 16:43:34.018664, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.018725, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat, file_id = 801:1cce92:0 gen_id = 671 has kernel oplock state of 1. 
[2011/10/11 16:43:34.018787, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000092CE [2011/10/11 16:43:34.018836, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.018879, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:25 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.018943, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2d18, type= 0x3, gen_id = 671, uid = 0, flags = 0, file_id 801:1cce92:0, name_hash = 0xafaf5ae9 [2011/10/11 16:43:34.018993, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xafaf5ae9 [2011/10/11 16:43:34.019038, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000092CE [2011/10/11 16:43:34.019092, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat = 0 [2011/10/11 16:43:34.019138, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat [2011/10/11 16:43:34.019186, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Office.Addons.dat (numopen=114) NT_STATUS_OK [2011/10/11 16:43:34.019232, 5] smbd/files.c:464(file_free) freed files structure 18110 (225 used) [2011/10/11 16:43:34.019278, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.019303, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59268 smt_wct=0 smb_bcc=0 [2011/10/11 
16:43:34.019518, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.019800, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.019850, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.019892, 3] smbd/process.c:1661(process_smb) Transaction 7907 of length 45 (0 toread) [2011/10/11 16:43:34.019934, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.019959, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59332 smt_wct=3 smb_vwv[ 0]=18111 (0x46BF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.020220, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.020247, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.020293, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.020336, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.020801, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group 
is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.020931, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.020988, 3] smbd/reply.c:4850(reply_close) close fd=163 fnum=18111 (numopen=114) [2011/10/11 16:43:34.021030, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.021091, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat, file_id = 801:1cce91:0 gen_id = 672 has kernel oplock state of 1. [2011/10/11 16:43:34.021151, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000091CE [2011/10/11 16:43:34.021200, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.021242, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Dec 5 15:43:17 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.021306, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2d67, type= 0x3, gen_id = 672, uid = 0, flags = 0, file_id 801:1cce91:0, name_hash = 0x8075f7f7 [2011/10/11 16:43:34.021355, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8075f7f7 [2011/10/11 16:43:34.021422, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000091CE [2011/10/11 16:43:34.021477, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat = 0 [2011/10/11 16:43:34.021523, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat [2011/10/11 16:43:34.021570, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.LDAP.dat (numopen=113) NT_STATUS_OK [2011/10/11 16:43:34.021615, 5] smbd/files.c:464(file_free) freed files structure 18111 (224 used) [2011/10/11 16:43:34.021662, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.021687, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59332 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.021901, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.022188, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.022238, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.022280, 3] smbd/process.c:1661(process_smb) Transaction 7908 of length 45 (0 toread) [2011/10/11 16:43:34.022322, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.022347, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59396 smt_wct=3 smb_vwv[ 0]=18112 (0x46C0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.022625, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.022653, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.022698, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.022742, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: 
S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.023188, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.023317, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.023372, 3] smbd/reply.c:4850(reply_close) close fd=164 fnum=18112 (numopen=113) [2011/10/11 16:43:34.023415, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.023475, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat, file_id = 801:1cce90:0 gen_id = 673 has kernel oplock state of 1. 
[2011/10/11 16:43:34.023536, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 010800000000000090CE [2011/10/11 16:43:34.023584, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.023626, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:16 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.023690, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2f44, type= 0x3, gen_id = 673, uid = 0, flags = 0, file_id 801:1cce90:0, name_hash = 0x46388632 [2011/10/11 16:43:34.023739, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x46388632 [2011/10/11 16:43:34.023784, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 010800000000000090CE [2011/10/11 16:43:34.023839, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat = 0 [2011/10/11 16:43:34.023884, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat [2011/10/11 16:43:34.023931, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.Inet.dat (numopen=112) NT_STATUS_OK [2011/10/11 16:43:34.023977, 5] smbd/files.c:464(file_free) freed files structure 18112 (223 used) [2011/10/11 16:43:34.024022, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.024048, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59396 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.024276, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.024558, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.024607, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.024649, 3] smbd/process.c:1661(process_smb) Transaction 7909 of length 45 (0 toread) [2011/10/11 16:43:34.024691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.024716, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59460 smt_wct=3 smb_vwv[ 0]=18113 (0x46C1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.024975, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.025002, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.025048, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.025092, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.025557, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.025685, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.025739, 3] smbd/reply.c:4850(reply_close) close fd=165 fnum=18113 (numopen=112) [2011/10/11 16:43:34.025782, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.025840, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat, file_id = 801:1cce8e:0 gen_id = 674 has kernel oplock state of 1. [2011/10/11 16:43:34.025900, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000008ECE [2011/10/11 16:43:34.025948, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9c0 [2011/10/11 16:43:34.025991, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:12 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.026054, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3bd9, type= 0x3, gen_id = 674, uid = 0, flags = 0, file_id 801:1cce8e:0, name_hash = 0x1f00b36e [2011/10/11 16:43:34.026103, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1f00b36e [2011/10/11 16:43:34.026148, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000008ECE [2011/10/11 16:43:34.026219, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat = 0 [2011/10/11 16:43:34.026265, 10] locking/posix.c:542(delete_windows_lock_ref_count) 
delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat [2011/10/11 16:43:34.026312, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registry/cache/org.openoffice.FirstStartWizard.dat (numopen=111) NT_STATUS_OK [2011/10/11 16:43:34.026357, 5] smbd/files.c:464(file_free) freed files structure 18113 (222 used) [2011/10/11 16:43:34.026405, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.026430, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59460 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.026643, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.026926, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.026977, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.027019, 3] smbd/process.c:1661(process_smb) Transaction 7910 of length 45 (0 toread) [2011/10/11 16:43:34.027061, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.027085, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59524 smt_wct=3 smb_vwv[ 0]=18114 (0x46C2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.027345, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.027372, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.027417, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.027461, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 
2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.027904, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.028032, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.028089, 3] smbd/reply.c:4850(reply_close) close fd=166 fnum=18114 (numopen=111) [2011/10/11 16:43:34.028132, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.028191, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml, file_id = 801:f0795:0 gen_id = 675 has kernel oplock state of 1. 
[2011/10/11 16:43:34.028251, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000009507 [2011/10/11 16:43:34.028315, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.028358, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:23:18 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.028422, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c17, type= 0x3, gen_id = 675, uid = 0, flags = 0, file_id 801:f0795:0, name_hash = 0xf735af66 [2011/10/11 16:43:34.028472, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf735af66 [2011/10/11 16:43:34.028517, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000009507 [2011/10/11 16:43:34.028572, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml = 0 [2011/10/11 16:43:34.028617, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml [2011/10/11 16:43:34.028664, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/registration.xml (numopen=110) NT_STATUS_OK [2011/10/11 16:43:34.028709, 5] smbd/files.c:464(file_free) freed files structure 18114 (221 used) [2011/10/11 16:43:34.028753, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.028778, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59524 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.028994, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.029276, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.029325, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.029367, 3] smbd/process.c:1661(process_smb) Transaction 7911 of length 45 (0 toread) [2011/10/11 16:43:34.029430, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.029455, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59588 smt_wct=3 smb_vwv[ 0]=18115 (0x46C3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.029715, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.029742, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.029787, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.029831, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.030275, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.030421, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.030478, 3] smbd/reply.c:4850(reply_close) close fd=167 fnum=18115 (numopen=110) [2011/10/11 16:43:34.030521, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.030581, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm, file_id = 801:1c4e86:0 gen_id = 676 has kernel oplock state of 1. [2011/10/11 16:43:34.030641, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000864E [2011/10/11 16:43:34.030690, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.030732, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Dec 14 17:08:52 2000 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.030796, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c5b, type= 0x3, gen_id = 676, uid = 0, flags = 0, file_id 801:1c4e86:0, name_hash = 0x95a997f2 [2011/10/11 16:43:34.030845, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x95a997f2 [2011/10/11 16:43:34.030890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000864E [2011/10/11 16:43:34.030945, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm = 0 [2011/10/11 16:43:34.030990, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm [2011/10/11 16:43:34.031038, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.thm (numopen=109) NT_STATUS_OK [2011/10/11 16:43:34.031083, 5] smbd/files.c:464(file_free) freed files structure 18115 (220 used) [2011/10/11 16:43:34.031128, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.031153, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59588 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.031369, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.031652, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.031702, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.031745, 3] smbd/process.c:1661(process_smb) Transaction 7912 of length 45 (0 toread) [2011/10/11 16:43:34.031787, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.031811, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59652 smt_wct=3 smb_vwv[ 0]=18116 (0x46C4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.032073, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.032101, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.032146, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.032190, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.032657, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.032787, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.032841, 3] smbd/reply.c:4850(reply_close) close fd=168 fnum=18116 (numopen=109) [2011/10/11 16:43:34.032884, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.032942, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv, file_id = 801:1c4e81:0 gen_id = 677 has kernel oplock state of 1. 
[2011/10/11 16:43:34.033002, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000814E [2011/10/11 16:43:34.033051, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.033093, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Dec 14 17:08:52 2000 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.033157, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3c9a, type= 0x3, gen_id = 677, uid = 0, flags = 0, file_id 801:1c4e81:0, name_hash = 0xc5320e6 [2011/10/11 16:43:34.033207, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc5320e6 [2011/10/11 16:43:34.033252, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000814E [2011/10/11 16:43:34.033307, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv = 0 [2011/10/11 16:43:34.033352, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv [2011/10/11 16:43:34.033421, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg30.sdv (numopen=108) NT_STATUS_OK [2011/10/11 16:43:34.033466, 5] smbd/files.c:464(file_free) freed files structure 18116 (219 used) [2011/10/11 16:43:34.033512, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.033538, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59652 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.033752, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.034034, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.034084, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.034127, 3] smbd/process.c:1661(process_smb) Transaction 7913 of length 45 (0 toread) [2011/10/11 16:43:34.034168, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.034193, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59716 smt_wct=3 smb_vwv[ 0]=18117 (0x46C5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.034472, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.034499, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.034544, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.034588, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.035033, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.035161, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.035217, 3] smbd/reply.c:4850(reply_close) close fd=169 fnum=18117 (numopen=108) [2011/10/11 16:43:34.035260, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.035320, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm, file_id = 801:1c4e7d:0 gen_id = 678 has kernel oplock state of 1. [2011/10/11 16:43:34.035380, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000007D4E [2011/10/11 16:43:34.035432, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.035474, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Dec 14 17:08:52 2000 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.035538, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3cd8, type= 0x3, gen_id = 678, uid = 0, flags = 0, file_id 801:1c4e7d:0, name_hash = 0x1fa8f767 [2011/10/11 16:43:34.035587, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1fa8f767 [2011/10/11 16:43:34.035635, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000007D4E [2011/10/11 16:43:34.035690, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm = 0 [2011/10/11 16:43:34.035735, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm [2011/10/11 16:43:34.035782, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.thm (numopen=107) NT_STATUS_OK [2011/10/11 16:43:34.035827, 5] smbd/files.c:464(file_free) freed files structure 18117 (218 used) [2011/10/11 16:43:34.035871, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.035896, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59716 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.036126, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.036410, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.036459, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.036501, 3] smbd/process.c:1661(process_smb) Transaction 7914 of length 45 (0 toread) [2011/10/11 16:43:34.036542, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.036567, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59780 smt_wct=3 smb_vwv[ 0]=18118 (0x46C6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.036829, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.036856, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.036901, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.036945, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.037413, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.037544, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.037599, 3] smbd/reply.c:4850(reply_close) close fd=170 fnum=18118 (numopen=107) [2011/10/11 16:43:34.037642, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.037700, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv, file_id = 801:1c4e62:0 gen_id = 679 has kernel oplock state of 1. 
[2011/10/11 16:43:34.037761, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000624E [2011/10/11 16:43:34.037809, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.037852, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 19 12:03:08 2000 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.037916, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3d27, type= 0x3, gen_id = 679, uid = 0, flags = 0, file_id 801:1c4e62:0, name_hash = 0x24923473 [2011/10/11 16:43:34.037965, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x24923473 [2011/10/11 16:43:34.038010, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000624E [2011/10/11 16:43:34.038065, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv = 0 [2011/10/11 16:43:34.038126, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv [2011/10/11 16:43:34.038175, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/gallery/sg100.sdv (numopen=106) NT_STATUS_OK [2011/10/11 16:43:34.038219, 5] smbd/files.c:464(file_free) freed files structure 18118 (217 used) [2011/10/11 16:43:34.038265, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.038290, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59780 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.038506, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.038789, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.038841, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.038883, 3] smbd/process.c:1661(process_smb) Transaction 7915 of length 45 (0 toread) [2011/10/11 16:43:34.038925, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.038950, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59844 smt_wct=3 smb_vwv[ 0]=18119 (0x46C7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.039212, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.039239, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.039284, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.039328, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.039778, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.039907, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.039962, 3] smbd/reply.c:4850(reply_close) close fd=171 fnum=18119 (numopen=106) [2011/10/11 16:43:34.040005, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.040063, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb, file_id = 801:1bcec5:0 gen_id = 680 has kernel oplock state of 1. [2011/10/11 16:43:34.040123, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C5CE [2011/10/11 16:43:34.040175, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.040218, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Dec 13 18:37:04 2006 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.040299, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3f04, type= 0x3, gen_id = 680, uid = 0, flags = 0, file_id 801:1bcec5:0, name_hash = 0xaeeec502 [2011/10/11 16:43:34.040349, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaeeec502 [2011/10/11 16:43:34.040397, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C5CE [2011/10/11 16:43:34.040452, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb = 0 [2011/10/11 16:43:34.040498, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb [2011/10/11 16:43:34.040545, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio.odb (numopen=105) NT_STATUS_OK [2011/10/11 16:43:34.040590, 5] smbd/files.c:464(file_free) freed files structure 18119 (216 used) [2011/10/11 16:43:34.040637, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.040662, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59844 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.040879, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.041157, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.041206, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.041248, 3] smbd/process.c:1661(process_smb) Transaction 7916 of length 45 (0 toread) [2011/10/11 16:43:34.041290, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.041315, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59908 smt_wct=3 smb_vwv[ 0]=18121 (0x46C9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.041598, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.041626, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.041671, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.041715, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.042162, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.042292, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.042367, 3] smbd/reply.c:4850(reply_close) close fd=173 fnum=18121 (numopen=105) [2011/10/11 16:43:34.042411, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.042469, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf, file_id = 801:1c0e18:0 gen_id = 682 has kernel oplock state of 1. 
[2011/10/11 16:43:34.042530, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000180E [2011/10/11 16:43:34.042578, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.042621, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 28 17:54:02 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.042685, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4bd7, type= 0x3, gen_id = 682, uid = 0, flags = 0, file_id 801:1c0e18:0, name_hash = 0x50c09e6d [2011/10/11 16:43:34.042734, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x50c09e6d [2011/10/11 16:43:34.042779, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000180E [2011/10/11 16:43:34.042833, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf = 0 [2011/10/11 16:43:34.042879, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf [2011/10/11 16:43:34.042927, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbf (numopen=104) NT_STATUS_OK [2011/10/11 16:43:34.042971, 5] smbd/files.c:464(file_free) freed files structure 18121 (215 used) [2011/10/11 16:43:34.043017, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.043042, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59908 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.043258, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:34.043541, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.043593, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.043635, 3] smbd/process.c:1661(process_smb) Transaction 7917 of length 45 (0 toread) [2011/10/11 16:43:34.043677, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.043702, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59972 smt_wct=3 smb_vwv[ 0]=18122 (0x46CA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.043964, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.043991, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.044036, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.044080, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.044546, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.044676, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.044730, 3] smbd/reply.c:4850(reply_close) close fd=174 fnum=18122 (numopen=104) [2011/10/11 16:43:34.044773, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.044832, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc, file_id = 801:109a56:0 gen_id = 683 has kernel oplock state of 1. [2011/10/11 16:43:34.044892, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000569A [2011/10/11 16:43:34.044941, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.044983, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.045047, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c1b, type= 0x3, gen_id = 683, uid = 0, flags = 0, file_id 801:109a56:0, name_hash = 0x3e66f9c [2011/10/11 16:43:34.045097, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3e66f9c [2011/10/11 16:43:34.045142, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000569A [2011/10/11 16:43:34.045197, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc = 0 [2011/10/11 16:43:34.045242, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc [2011/10/11 
16:43:34.045289, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/web.soc (numopen=103) NT_STATUS_OK [2011/10/11 16:43:34.045334, 5] smbd/files.c:464(file_free) freed files structure 18122 (214 used) [2011/10/11 16:43:34.045397, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.045424, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=59972 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.045638, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.045926, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.045976, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.046018, 3] smbd/process.c:1661(process_smb) Transaction 7918 of length 45 (0 toread) [2011/10/11 16:43:34.046059, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.046084, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60036 smt_wct=3 smb_vwv[ 0]=18123 (0x46CB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.046346, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.046372, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.046436, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.046480, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 
SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.046925, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.047053, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.047107, 3] smbd/reply.c:4850(reply_close) close fd=175 fnum=18123 (numopen=103) [2011/10/11 16:43:34.047150, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.047209, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc, file_id = 801:109a55:0 gen_id = 684 has kernel oplock state of 1. 
[2011/10/11 16:43:34.047270, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000559A [2011/10/11 16:43:34.047318, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.047360, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu Sep 13 16:40:32 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.047423, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c5a, type= 0x3, gen_id = 684, uid = 0, flags = 0, file_id 801:109a55:0, name_hash = 0xee2d9552 [2011/10/11 16:43:34.047473, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xee2d9552 [2011/10/11 16:43:34.047518, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000559A [2011/10/11 16:43:34.047573, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc = 0 [2011/10/11 16:43:34.047618, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc [2011/10/11 16:43:34.047665, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/sun-color.soc (numopen=102) NT_STATUS_OK [2011/10/11 16:43:34.047710, 5] smbd/files.c:464(file_free) freed files structure 18123 (213 used) [2011/10/11 16:43:34.047756, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.047781, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60036 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.047996, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.048296, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.048346, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.048388, 3] smbd/process.c:1661(process_smb) Transaction 7919 of length 45 (0 toread) [2011/10/11 16:43:34.048430, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.048455, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60100 smt_wct=3 smb_vwv[ 0]=18124 (0x46CC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.048716, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.048742, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.048788, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.048831, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.049275, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.049425, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.049481, 3] smbd/reply.c:4850(reply_close) close fd=176 fnum=18124 (numopen=102) [2011/10/11 16:43:34.049523, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.049582, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod, file_id = 801:109a54:0 gen_id = 685 has kernel oplock state of 1. [2011/10/11 16:43:34.049642, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000549A [2011/10/11 16:43:34.049690, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.049732, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:07:28 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.049796, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4c98, type= 0x3, gen_id = 685, uid = 0, flags = 0, file_id 801:109a54:0, name_hash = 0x3f452c98 [2011/10/11 16:43:34.049845, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3f452c98 [2011/10/11 16:43:34.049890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000549A [2011/10/11 16:43:34.049944, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod = 0 [2011/10/11 16:43:34.049989, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod 
[2011/10/11 16:43:34.050053, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/styles_nl.sod (numopen=101) NT_STATUS_OK [2011/10/11 16:43:34.050098, 5] smbd/files.c:464(file_free) freed files structure 18124 (212 used) [2011/10/11 16:43:34.050144, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.050169, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60100 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.050383, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.050680, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.050731, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.050772, 3] smbd/process.c:1661(process_smb) Transaction 7920 of length 45 (0 toread) [2011/10/11 16:43:34.050814, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.050839, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60164 smt_wct=3 smb_vwv[ 0]=18125 (0x46CD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.051099, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.051126, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.051172, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.051215, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 
8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.051660, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.051788, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.051845, 3] smbd/reply.c:4850(reply_close) close fd=177 fnum=18125 (numopen=101) [2011/10/11 16:43:34.051887, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.051947, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh, file_id = 801:109a53:0 gen_id = 686 has kernel oplock state of 1. 
[2011/10/11 16:43:34.052008, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000539A [2011/10/11 16:43:34.052056, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.052098, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.052162, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4ce7, type= 0x3, gen_id = 686, uid = 0, flags = 0, file_id 801:109a53:0, name_hash = 0x6c2f9c38 [2011/10/11 16:43:34.052229, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6c2f9c38 [2011/10/11 16:43:34.052274, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000539A [2011/10/11 16:43:34.052329, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh = 0 [2011/10/11 16:43:34.052374, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh [2011/10/11 16:43:34.052420, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soh (numopen=100) NT_STATUS_OK [2011/10/11 16:43:34.052465, 5] smbd/files.c:464(file_free) freed files structure 18125 (211 used) [2011/10/11 16:43:34.052512, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.052538, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60164 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.052753, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.053048, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.053098, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.053140, 3] smbd/process.c:1661(process_smb) Transaction 7921 of length 45 (0 toread) [2011/10/11 16:43:34.053181, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.053206, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60228 smt_wct=3 smb_vwv[ 0]=18120 (0x46C8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.053488, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.053516, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.053561, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.053605, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.054051, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.054180, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.054234, 3] smbd/reply.c:4850(reply_close) close fd=172 fnum=18120 (numopen=100) [2011/10/11 16:43:34.054276, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.054353, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbt, file_id = 801:1c0e19:0 gen_id = 681 has kernel oplock state of 1. [2011/10/11 16:43:34.054413, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000190E [2011/10/11 16:43:34.054461, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9b0 [2011/10/11 16:43:34.054503, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 28 17:54:22 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.054567, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4b99, type= 0x3, gen_id = 681, uid = 0, flags = 0, file_id 801:1c0e19:0, name_hash = 0xc7e09383 [2011/10/11 16:43:34.054616, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc7e09383 [2011/10/11 16:43:34.054661, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000190E [2011/10/11 16:43:34.054714, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbt = 0 [2011/10/11 16:43:34.054760, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/database/biblio/biblio.dbt [2011/10/11 16:43:34.054806, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/database/biblio/biblio.dbt (numopen=99) NT_STATUS_OK [2011/10/11 16:43:34.054851, 5] smbd/files.c:464(file_free) freed files structure 18120 (210 used) [2011/10/11 16:43:34.054897, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.054922, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60228 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.055135, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.055451, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.055502, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.055544, 3] smbd/process.c:1661(process_smb) Transaction 7922 of length 45 (0 toread) [2011/10/11 16:43:34.055585, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.055610, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60292 smt_wct=3 smb_vwv[ 0]=18126 (0x46CE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.055889, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.055917, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.055962, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.056006, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.056469, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.056598, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.056654, 3] smbd/reply.c:4850(reply_close) close fd=178 fnum=18126 (numopen=99) [2011/10/11 16:43:34.056696, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.056756, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog, file_id = 801:109a51:0 gen_id = 687 has kernel oplock state of 1. 
[2011/10/11 16:43:34.056816, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000519A [2011/10/11 16:43:34.056865, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d8d9a0 [2011/10/11 16:43:34.056907, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.056971, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x4ec4, type= 0x3, gen_id = 687, uid = 0, flags = 0, file_id 801:109a51:0, name_hash = 0x45c9fca2 [2011/10/11 16:43:34.057021, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x45c9fca2 [2011/10/11 16:43:34.057066, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000519A [2011/10/11 16:43:34.057121, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog = 0 [2011/10/11 16:43:34.057166, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog [2011/10/11 16:43:34.057212, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sog (numopen=98) NT_STATUS_OK [2011/10/11 16:43:34.057257, 5] smbd/files.c:464(file_free) freed files structure 18126 (209 used) [2011/10/11 16:43:34.057303, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.057328, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60292 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.057564, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.057636, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 84 [2011/10/11 16:43:34.057684, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x54 [2011/10/11 16:43:34.057726, 3] smbd/process.c:1661(process_smb) Transaction 7923 of length 88 (0 toread) [2011/10/11 16:43:34.057795, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.057821, 5] lib/util.c:341(show_msg) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=60389 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]=18495 (0x483F) smb_vwv[22]= 1 (0x1) smb_bcc=3 [2011/10/11 16:43:34.058418, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ... 
[2011/10/11 16:43:34.058472, 3] smbd/process.c:1466(switch_message) switch message SMBnttrans (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:34.058519, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.058562, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.059006, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.059135, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.059179, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:34.059229, 10] smbd/nttrans.c:3054(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=32, data_total=0, this_data=0, max_data=0, param_offset=84, data_offset=0 [2011/10/11 16:43:34.059273, 10] smbd/nttrans.c:3126(reply_nttrans) reply_nttrans: state->setup_count = 8 [2011/10/11 16:43:34.059315, 10] ../lib/util/util.c:415(dump_data) [0000] 03 00 00 00 3F 48 01 00 ....?H.. 
[2011/10/11 16:43:34.059371, 3] smbd/nttrans.c:1697(call_nt_transact_notify_change) call_nt_transact_notify_change [2011/10/11 16:43:34.059416, 3] smbd/nttrans.c:1714(call_nt_transact_notify_change) call_nt_transact_notify_change: notify change called on ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, filter = FILE_NAME|DIR_NAME, recursive = 1 [2011/10/11 16:43:34.059460, 10] smbd/notify.c:228(change_notify_add_request) change_notify_add_request: Adding request for ando/Microsoft/Internet Explorer/Quick Launch/User Pinned: max_param = 32 [2011/10/11 16:43:34.059525, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.059571, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.059613, 3] smbd/process.c:1661(process_smb) Transaction 7924 of length 45 (0 toread) [2011/10/11 16:43:34.059654, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.059679, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60420 smt_wct=3 smb_vwv[ 0]=18127 (0x46CF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.059940, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.059967, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.060011, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.060068, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 
SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.060515, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.060642, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.060685, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp/andolan/profs [2011/10/11 16:43:34.060743, 3] smbd/reply.c:4850(reply_close) close fd=179 fnum=18127 (numopen=98) [2011/10/11 16:43:34.060785, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.060845, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe, file_id = 801:109a50:0 gen_id = 688 has kernel oplock state of 1. 
[2011/10/11 16:43:34.060905, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000509A [2011/10/11 16:43:34.060954, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.060996, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue May 15 14:11:30 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.061061, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6230, type= 0x3, gen_id = 688, uid = 0, flags = 0, file_id 801:109a50:0, name_hash = 0x2c6f11ed [2011/10/11 16:43:34.061110, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2c6f11ed [2011/10/11 16:43:34.061155, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000509A [2011/10/11 16:43:34.061209, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe = 0 [2011/10/11 16:43:34.061255, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe [2011/10/11 16:43:34.061301, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soe (numopen=97) NT_STATUS_OK [2011/10/11 16:43:34.061346, 5] smbd/files.c:464(file_free) freed files structure 18127 (208 used) [2011/10/11 16:43:34.061412, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.061438, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60420 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.061653, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.061902, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.061971, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.062014, 3] smbd/process.c:1661(process_smb) Transaction 7925 of length 45 (0 toread) [2011/10/11 16:43:34.062056, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.062081, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60484 smt_wct=3 smb_vwv[ 0]=18128 (0x46D0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.062342, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.062369, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.062415, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.062459, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.062907, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.063037, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.063095, 3] smbd/reply.c:4850(reply_close) close fd=180 fnum=18128 (numopen=97) [2011/10/11 16:43:34.063138, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.063197, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod, file_id = 801:109a4f:0 gen_id = 689 has kernel oplock state of 1. [2011/10/11 16:43:34.063258, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004F9A [2011/10/11 16:43:34.063306, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.063348, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue May 15 13:28:18 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.063413, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x625b, type= 0x3, gen_id = 689, uid = 0, flags = 0, file_id 801:109a4f:0, name_hash = 0x700d94d9 [2011/10/11 16:43:34.063462, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x700d94d9 [2011/10/11 16:43:34.063511, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004F9A [2011/10/11 16:43:34.063566, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod = 0 [2011/10/11 16:43:34.063611, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod [2011/10/11 
16:43:34.063672, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sod (numopen=96) NT_STATUS_OK [2011/10/11 16:43:34.063717, 5] smbd/files.c:464(file_free) freed files structure 18128 (207 used) [2011/10/11 16:43:34.063764, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.063789, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60484 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.064004, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.064205, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.064254, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.064296, 3] smbd/process.c:1661(process_smb) Transaction 7926 of length 45 (0 toread) [2011/10/11 16:43:34.064338, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.064363, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60548 smt_wct=3 smb_vwv[ 0]=18129 (0x46D1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.064624, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.064651, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.064696, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.064740, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.065185, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.065314, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.065369, 3] smbd/reply.c:4850(reply_close) close fd=181 fnum=18129 (numopen=96) [2011/10/11 16:43:34.065433, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.065492, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc, file_id = 801:109a4e:0 gen_id = 690 has kernel oplock state of 1. 
[2011/10/11 16:43:34.065552, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004E9A [2011/10/11 16:43:34.065600, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.065643, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 3 16:32:24 2007 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.065707, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x629a, type= 0x3, gen_id = 690, uid = 0, flags = 0, file_id 801:109a4e:0, name_hash = 0xf4ce91e2 [2011/10/11 16:43:34.065778, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf4ce91e2 [2011/10/11 16:43:34.065824, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004E9A [2011/10/11 16:43:34.065878, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc = 0 [2011/10/11 16:43:34.065923, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc [2011/10/11 16:43:34.065970, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.soc (numopen=95) NT_STATUS_OK [2011/10/11 16:43:34.066015, 5] smbd/files.c:464(file_free) freed files structure 18129 (206 used) [2011/10/11 16:43:34.066061, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.066086, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60548 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.066302, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.066538, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.066588, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.066631, 3] smbd/process.c:1661(process_smb) Transaction 7927 of length 45 (0 toread) [2011/10/11 16:43:34.066672, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.066697, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60612 smt_wct=3 smb_vwv[ 0]=18130 (0x46D2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.066959, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.066987, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.067032, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.067075, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.067523, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 
10001 Group[ 3]: 10003 [2011/10/11 16:43:34.067653, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.067710, 3] smbd/reply.c:4850(reply_close) close fd=182 fnum=18130 (numopen=95) [2011/10/11 16:43:34.067753, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.067828, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob, file_id = 801:109a4d:0 gen_id = 691 has kernel oplock state of 1. [2011/10/11 16:43:34.067889, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004D9A [2011/10/11 16:43:34.067938, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.067980, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 26 13:23:24 2002 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.068044, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x62d8, type= 0x3, gen_id = 691, uid = 0, flags = 0, file_id 801:109a4d:0, name_hash = 0xde293782 [2011/10/11 16:43:34.068094, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xde293782 [2011/10/11 16:43:34.068139, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004D9A [2011/10/11 16:43:34.068193, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob = 0 [2011/10/11 16:43:34.068238, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob [2011/10/11 16:43:34.068285, 
2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/standard.sob (numopen=94) NT_STATUS_OK [2011/10/11 16:43:34.068330, 5] smbd/files.c:464(file_free) freed files structure 18130 (205 used) [2011/10/11 16:43:34.068376, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.068401, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60612 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.068616, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.068886, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.068935, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.068977, 3] smbd/process.c:1661(process_smb) Transaction 7928 of length 45 (0 toread) [2011/10/11 16:43:34.069019, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.069044, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60676 smt_wct=3 smb_vwv[ 0]=18131 (0x46D3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.069306, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.069333, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.069399, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.069444, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.069910, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.070040, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.070097, 3] smbd/reply.c:4850(reply_close) close fd=183 fnum=18131 (numopen=94) [2011/10/11 16:43:34.070141, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.070201, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc, file_id = 801:109a4c:0 gen_id = 692 has kernel oplock state of 1. 
[2011/10/11 16:43:34.070261, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004C9A [2011/10/11 16:43:34.070310, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.070352, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:06:48 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.070416, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6327, type= 0x3, gen_id = 692, uid = 0, flags = 0, file_id 801:109a4c:0, name_hash = 0x1b975ec2 [2011/10/11 16:43:34.070466, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x1b975ec2 [2011/10/11 16:43:34.070511, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004C9A [2011/10/11 16:43:34.070564, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc = 0 [2011/10/11 16:43:34.070610, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc [2011/10/11 16:43:34.070657, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/palette_nl.soc (numopen=93) NT_STATUS_OK [2011/10/11 16:43:34.070701, 5] smbd/files.c:464(file_free) freed files structure 18131 (204 used) [2011/10/11 16:43:34.070747, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.070772, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60676 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.070988, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.071205, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.071256, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.071298, 3] smbd/process.c:1661(process_smb) Transaction 7929 of length 45 (0 toread) [2011/10/11 16:43:34.071340, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.071365, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60740 smt_wct=3 smb_vwv[ 0]=18132 (0x46D4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.071628, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.071656, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.071701, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.071762, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.072212, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.072342, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.072395, 3] smbd/reply.c:4850(reply_close) close fd=184 fnum=18132 (numopen=93) [2011/10/11 16:43:34.072437, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.072496, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog, file_id = 801:109a4b:0 gen_id = 693 has kernel oplock state of 1. [2011/10/11 16:43:34.072556, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004B9A [2011/10/11 16:43:34.072609, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.072651, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:05:48 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.072715, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x63a8, type= 0x3, gen_id = 693, uid = 0, flags = 0, file_id 801:109a4b:0, name_hash = 0x80fc5d2f [2011/10/11 16:43:34.072765, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x80fc5d2f [2011/10/11 16:43:34.072813, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004B9A [2011/10/11 16:43:34.072867, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog = 0 [2011/10/11 16:43:34.072913, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog 
[2011/10/11 16:43:34.072960, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/modern_nl.sog (numopen=92) NT_STATUS_OK [2011/10/11 16:43:34.073004, 5] smbd/files.c:464(file_free) freed files structure 18132 (203 used) [2011/10/11 16:43:34.073050, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.073075, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60740 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.073291, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.073599, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.073650, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.073709, 3] smbd/process.c:1661(process_smb) Transaction 7930 of length 45 (0 toread) [2011/10/11 16:43:34.073752, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.073777, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60804 smt_wct=3 smb_vwv[ 0]=18133 (0x46D5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.074037, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.074065, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.074110, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.074153, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 
8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.074596, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.074725, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.074781, 3] smbd/reply.c:4850(reply_close) close fd=185 fnum=18133 (numopen=92) [2011/10/11 16:43:34.074823, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.074883, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml, file_id = 801:109a4a:0 gen_id = 694 has kernel oplock state of 1. 
[2011/10/11 16:43:34.074944, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004A9A [2011/10/11 16:43:34.074995, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.075037, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 14:21:19 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.075101, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x6504, type= 0x3, gen_id = 694, uid = 0, flags = 0, file_id 801:109a4a:0, name_hash = 0xaf2aacb8 [2011/10/11 16:43:34.075150, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaf2aacb8 [2011/10/11 16:43:34.075198, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004A9A [2011/10/11 16:43:34.075252, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml = 0 [2011/10/11 16:43:34.075297, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml [2011/10/11 16:43:34.075344, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/javasettings_Windows_x86.xml (numopen=91) NT_STATUS_OK [2011/10/11 16:43:34.075404, 5] smbd/files.c:464(file_free) freed files structure 18133 (202 used) [2011/10/11 16:43:34.075451, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.075476, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60804 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.075689, 10] 
../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.075887, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.075937, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.075979, 3] smbd/process.c:1661(process_smb) Transaction 7931 of length 45 (0 toread) [2011/10/11 16:43:34.076021, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.076046, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60868 smt_wct=3 smb_vwv[ 0]=18134 (0x46D6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.076308, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.076335, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.076380, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.076424, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.076870, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 
supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.076999, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.077052, 3] smbd/reply.c:4850(reply_close) close fd=186 fnum=18134 (numopen=91) [2011/10/11 16:43:34.077095, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.077152, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/html.soc, file_id = 801:109a49:0 gen_id = 695 has kernel oplock state of 1. [2011/10/11 16:43:34.077212, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000499A [2011/10/11 16:43:34.077260, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.077302, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Mar 25 19:22:08 2003 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.077366, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x74b0, type= 0x3, gen_id = 695, uid = 0, flags = 0, file_id 801:109a49:0, name_hash = 0x6557ff81 [2011/10/11 16:43:34.077452, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6557ff81 [2011/10/11 16:43:34.077499, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000499A [2011/10/11 16:43:34.077552, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/html.soc = 0 [2011/10/11 16:43:34.077598, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/config/html.soc [2011/10/11 16:43:34.077645, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/html.soc (numopen=90) NT_STATUS_OK [2011/10/11 16:43:34.077690, 5] smbd/files.c:464(file_free) freed files structure 18134 (201 used) [2011/10/11 16:43:34.077736, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.077761, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60868 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.077976, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.078170, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.078220, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.078263, 3] smbd/process.c:1661(process_smb) Transaction 7932 of length 45 (0 toread) [2011/10/11 16:43:34.078305, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.078330, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60932 smt_wct=3 smb_vwv[ 0]=18135 (0x46D7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.078592, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.078620, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.078665, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.078709, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 
SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.079158, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.079288, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.079343, 3] smbd/reply.c:4850(reply_close) close fd=187 fnum=18135 (numopen=90) [2011/10/11 16:43:34.079386, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.079445, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh, file_id = 801:109a3f:0 gen_id = 696 has kernel oplock state of 1. 
[2011/10/11 16:43:34.079523, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003F9A [2011/10/11 16:43:34.079572, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.079614, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:05:00 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.079678, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x74db, type= 0x3, gen_id = 696, uid = 0, flags = 0, file_id 801:109a3f:0, name_hash = 0xa6026e26 [2011/10/11 16:43:34.079728, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa6026e26 [2011/10/11 16:43:34.079773, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003F9A [2011/10/11 16:43:34.079827, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh = 0 [2011/10/11 16:43:34.079872, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh [2011/10/11 16:43:34.079919, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/hatching_nl.soh (numopen=89) NT_STATUS_OK [2011/10/11 16:43:34.079964, 5] smbd/files.c:464(file_free) freed files structure 18135 (200 used) [2011/10/11 16:43:34.080012, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.080037, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60932 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.080250, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.080439, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.080489, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.080531, 3] smbd/process.c:1661(process_smb) Transaction 7933 of length 45 (0 toread) [2011/10/11 16:43:34.080573, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.080598, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60996 smt_wct=3 smb_vwv[ 0]=18136 (0x46D8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.080859, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.080887, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.080932, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.080976, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.081459, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.081590, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.081644, 3] smbd/reply.c:4850(reply_close) close fd=188 fnum=18136 (numopen=89) [2011/10/11 16:43:34.081686, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.081746, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc, file_id = 801:109a3e:0 gen_id = 697 has kernel oplock state of 1. [2011/10/11 16:43:34.081806, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003E9A [2011/10/11 16:43:34.081855, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.081897, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jun 20 16:47:46 2001 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.081961, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x751a, type= 0x3, gen_id = 697, uid = 0, flags = 0, file_id 801:109a3e:0, name_hash = 0xe06c0c6b [2011/10/11 16:43:34.082011, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe06c0c6b [2011/10/11 16:43:34.082056, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003E9A [2011/10/11 16:43:34.082109, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc = 0 [2011/10/11 16:43:34.082155, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc [2011/10/11 
16:43:34.082202, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/gallery.soc (numopen=88) NT_STATUS_OK [2011/10/11 16:43:34.082247, 5] smbd/files.c:464(file_free) freed files structure 18136 (199 used) [2011/10/11 16:43:34.082291, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.082316, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=60996 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.082532, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.082786, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.082837, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.082879, 3] smbd/process.c:1661(process_smb) Transaction 7934 of length 45 (0 toread) [2011/10/11 16:43:34.082921, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.082946, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61060 smt_wct=3 smb_vwv[ 0]=18137 (0x46D9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.083207, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.083235, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.083280, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.083324, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.083790, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.083919, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.083972, 3] smbd/reply.c:4850(reply_close) close fd=189 fnum=18137 (numopen=88) [2011/10/11 16:43:34.084015, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.084075, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc, file_id = 801:109a3d:0 gen_id = 698 has kernel oplock state of 1. 
[2011/10/11 16:43:34.084135, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003D9A [2011/10/11 16:43:34.084183, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.084226, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Mar 16 15:44:46 2001 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.084290, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7567, type= 0x3, gen_id = 698, uid = 0, flags = 0, file_id 801:109a3d:0, name_hash = 0x97a9efe2 [2011/10/11 16:43:34.084340, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x97a9efe2 [2011/10/11 16:43:34.084385, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003D9A [2011/10/11 16:43:34.084439, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc = 0 [2011/10/11 16:43:34.084485, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc [2011/10/11 16:43:34.084532, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/cmyk.soc (numopen=87) NT_STATUS_OK [2011/10/11 16:43:34.084577, 5] smbd/files.c:464(file_free) freed files structure 18137 (198 used) [2011/10/11 16:43:34.084624, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.084649, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61060 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.084868, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.085121, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.085170, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.085212, 3] smbd/process.c:1661(process_smb) Transaction 7935 of length 45 (0 toread) [2011/10/11 16:43:34.085255, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.085295, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61124 smt_wct=3 smb_vwv[ 0]=18138 (0x46DA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.085581, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.085608, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.085653, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.085697, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.086147, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.086277, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.086330, 3] smbd/reply.c:4850(reply_close) close fd=190 fnum=18138 (numopen=87) [2011/10/11 16:43:34.086373, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.086433, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog, file_id = 801:109a3c:0 gen_id = 699 has kernel oplock state of 1. [2011/10/11 16:43:34.086495, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003C9A [2011/10/11 16:43:34.086543, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.086585, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:04:20 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.086650, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7597, type= 0x3, gen_id = 699, uid = 0, flags = 0, file_id 801:109a3c:0, name_hash = 0xa562da [2011/10/11 16:43:34.086700, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa562da [2011/10/11 16:43:34.086745, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003C9A [2011/10/11 16:43:34.086799, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog = 0 [2011/10/11 16:43:34.086845, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog [2011/10/11 16:43:34.086892, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/classic_nl.sog (numopen=86) NT_STATUS_OK [2011/10/11 16:43:34.086951, 5] smbd/files.c:464(file_free) freed files structure 18138 (197 used) [2011/10/11 16:43:34.086998, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.087023, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61124 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.087236, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.087500, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.087551, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.087593, 3] smbd/process.c:1661(process_smb) Transaction 7936 of length 45 (0 toread) [2011/10/11 16:43:34.087635, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.087660, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61188 smt_wct=3 smb_vwv[ 0]=18139 (0x46DB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.087921, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.087947, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.087993, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.088036, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.088483, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.088612, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.088667, 3] smbd/reply.c:4850(reply_close) close fd=191 fnum=18139 (numopen=86) [2011/10/11 16:43:34.088709, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.088767, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt, file_id = 801:109a3b:0 gen_id = 700 has kernel oplock state of 1. 
[2011/10/11 16:43:34.088827, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003B9A [2011/10/11 16:43:34.088875, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.088917, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 17:34:58 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.088980, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7628, type= 0x3, gen_id = 700, uid = 0, flags = 0, file_id 801:109a3b:0, name_hash = 0x43447f7a [2011/10/11 16:43:34.089030, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x43447f7a [2011/10/11 16:43:34.089097, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003B9A [2011/10/11 16:43:34.089151, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt = 0 [2011/10/11 16:43:34.089196, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt [2011/10/11 16:43:34.089244, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/autotbl.fmt (numopen=85) NT_STATUS_OK [2011/10/11 16:43:34.089289, 5] smbd/files.c:464(file_free) freed files structure 18139 (196 used) [2011/10/11 16:43:34.089335, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.089360, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61188 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.089597, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.089853, 
10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.089903, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.089946, 3] smbd/process.c:1661(process_smb) Transaction 7937 of length 45 (0 toread) [2011/10/11 16:43:34.089988, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.090012, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61252 smt_wct=3 smb_vwv[ 0]=18140 (0x46DC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.090274, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.090302, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.090347, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.090391, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.090838, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 
10001 Group[ 3]: 10003 [2011/10/11 16:43:34.090968, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.091023, 3] smbd/reply.c:4850(reply_close) close fd=192 fnum=18140 (numopen=85) [2011/10/11 16:43:34.091066, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.091126, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe, file_id = 801:109a3a:0 gen_id = 701 has kernel oplock state of 1. [2011/10/11 16:43:34.091203, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000003A9A [2011/10/11 16:43:34.091253, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.091295, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Sep 28 19:04:00 2005 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.091359, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x7784, type= 0x3, gen_id = 701, uid = 0, flags = 0, file_id 801:109a3a:0, name_hash = 0xb334d47d [2011/10/11 16:43:34.091409, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb334d47d [2011/10/11 16:43:34.091454, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000003A9A [2011/10/11 16:43:34.091508, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe = 0 [2011/10/11 16:43:34.091553, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe [2011/10/11 
16:43:34.091600, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/config/arrowhd_nl.soe (numopen=84) NT_STATUS_OK [2011/10/11 16:43:34.091645, 5] smbd/files.c:464(file_free) freed files structure 18140 (195 used) [2011/10/11 16:43:34.091691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.091716, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61252 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.091931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.092182, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.092231, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.092273, 3] smbd/process.c:1661(process_smb) Transaction 7938 of length 45 (0 toread) [2011/10/11 16:43:34.092315, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.092340, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61316 smt_wct=3 smb_vwv[ 0]=18141 (0x46DD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.092601, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.092628, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.092674, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.092717, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.093164, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.093310, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.093364, 3] smbd/reply.c:4850(reply_close) close fd=193 fnum=18141 (numopen=84) [2011/10/11 16:43:34.093447, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.093508, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb, file_id = 801:105b66:0 gen_id = 702 has kernel oplock state of 1. 
[2011/10/11 16:43:34.093569, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000665B [2011/10/11 16:43:34.093618, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.093660, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.093725, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x84b0, type= 0x3, gen_id = 702, uid = 0, flags = 0, file_id 801:105b66:0, name_hash = 0xbdd671e7 [2011/10/11 16:43:34.093775, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbdd671e7 [2011/10/11 16:43:34.093820, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000665B [2011/10/11 16:43:34.093874, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb = 0 [2011/10/11 16:43:34.093919, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb [2011/10/11 16:43:34.093967, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/script.xlb (numopen=83) NT_STATUS_OK [2011/10/11 16:43:34.094012, 5] smbd/files.c:464(file_free) freed files structure 18141 (194 used) [2011/10/11 16:43:34.094058, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.094083, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61316 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.094296, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:34.094554, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.094604, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.094646, 3] smbd/process.c:1661(process_smb) Transaction 7939 of length 45 (0 toread) [2011/10/11 16:43:34.094688, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.094713, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61380 smt_wct=3 smb_vwv[ 0]=18142 (0x46DE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.094975, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.095003, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.095048, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.095092, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.095559, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.095689, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.095746, 3] smbd/reply.c:4850(reply_close) close fd=194 fnum=18142 (numopen=83) [2011/10/11 16:43:34.095788, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.095848, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/Module1.xba, file_id = 801:105b65:0 gen_id = 703 has kernel oplock state of 1. [2011/10/11 16:43:34.095909, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000655B [2011/10/11 16:43:34.095957, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.095999, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.096064, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x84db, type= 0x3, gen_id = 703, uid = 0, flags = 0, file_id 801:105b65:0, name_hash = 0xbb46dac3 [2011/10/11 16:43:34.096114, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xbb46dac3 [2011/10/11 16:43:34.096159, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000655B [2011/10/11 16:43:34.096213, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/Module1.xba = 0 [2011/10/11 16:43:34.096258, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application 
Data/OpenOffice.org/3/user/basic/Standard/Module1.xba [2011/10/11 16:43:34.096306, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/Module1.xba (numopen=82) NT_STATUS_OK [2011/10/11 16:43:34.096350, 5] smbd/files.c:464(file_free) freed files structure 18142 (193 used) [2011/10/11 16:43:34.096396, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.096421, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61380 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.096634, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.096852, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.096901, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.096944, 3] smbd/process.c:1661(process_smb) Transaction 7940 of length 45 (0 toread) [2011/10/11 16:43:34.096986, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.097010, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61444 smt_wct=3 smb_vwv[ 0]=18143 (0x46DF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.097289, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.097316, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.097361, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.097426, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: 
S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.097874, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.098004, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.098056, 3] smbd/reply.c:4850(reply_close) close fd=195 fnum=18143 (numopen=82) [2011/10/11 16:43:34.098098, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.098158, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb, file_id = 801:105b64:0 gen_id = 704 has kernel oplock state of 1. 
[2011/10/11 16:43:34.098218, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000645B [2011/10/11 16:43:34.098267, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.098308, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.098373, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x851a, type= 0x3, gen_id = 704, uid = 0, flags = 0, file_id 801:105b64:0, name_hash = 0x532884fb [2011/10/11 16:43:34.098422, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x532884fb [2011/10/11 16:43:34.098467, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000645B [2011/10/11 16:43:34.098521, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb = 0 [2011/10/11 16:43:34.098566, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb [2011/10/11 16:43:34.098613, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/Standard/dialog.xlb (numopen=81) NT_STATUS_OK [2011/10/11 16:43:34.098657, 5] smbd/files.c:464(file_free) freed files structure 18143 (192 used) [2011/10/11 16:43:34.098717, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.098743, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61444 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.098955, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:34.099150, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.099201, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.099243, 3] smbd/process.c:1661(process_smb) Transaction 7941 of length 45 (0 toread) [2011/10/11 16:43:34.099285, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.099310, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61508 smt_wct=3 smb_vwv[ 0]=18144 (0x46E0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.099571, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.099598, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.099643, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.099687, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.100132, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 
1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.100260, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.100313, 3] smbd/reply.c:4850(reply_close) close fd=196 fnum=18144 (numopen=81) [2011/10/11 16:43:34.100355, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.100415, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc, file_id = 801:101a69:0 gen_id = 705 has kernel oplock state of 1. [2011/10/11 16:43:34.100475, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000691A [2011/10/11 16:43:34.100523, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.100565, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.100629, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8567, type= 0x3, gen_id = 705, uid = 0, flags = 0, file_id 801:101a69:0, name_hash = 0x2a431e9c [2011/10/11 16:43:34.100678, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x2a431e9c [2011/10/11 16:43:34.100723, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000691A [2011/10/11 16:43:34.100796, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc = 0 [2011/10/11 16:43:34.100841, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc 
[2011/10/11 16:43:34.100888, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/script.xlc (numopen=80) NT_STATUS_OK [2011/10/11 16:43:34.100933, 5] smbd/files.c:464(file_free) freed files structure 18144 (191 used) [2011/10/11 16:43:34.100979, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.101004, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61508 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.101219, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.101694, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.101745, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.101787, 3] smbd/process.c:1661(process_smb) Transaction 7942 of length 45 (0 toread) [2011/10/11 16:43:34.101829, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.101854, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61572 smt_wct=3 smb_vwv[ 0]=18145 (0x46E1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.102115, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.102142, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.102188, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.102232, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: 
S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.102678, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.102808, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.102861, 3] smbd/reply.c:4850(reply_close) close fd=197 fnum=18145 (numopen=80) [2011/10/11 16:43:34.102904, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.102964, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc, file_id = 801:101a61:0 gen_id = 706 has kernel oplock state of 1. 
[2011/10/11 16:43:34.103023, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000611A [2011/10/11 16:43:34.103089, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.103132, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Sep 30 17:39:34 2008 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.103197, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x85d7, type= 0x3, gen_id = 706, uid = 0, flags = 0, file_id 801:101a61:0, name_hash = 0xc4276ee0 [2011/10/11 16:43:34.103246, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc4276ee0 [2011/10/11 16:43:34.103291, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000611A [2011/10/11 16:43:34.103345, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc = 0 [2011/10/11 16:43:34.103390, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc [2011/10/11 16:43:34.103437, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/basic/dialog.xlc (numopen=79) NT_STATUS_OK [2011/10/11 16:43:34.103482, 5] smbd/files.c:464(file_free) freed files structure 18145 (190 used) [2011/10/11 16:43:34.103528, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.103553, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61572 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.103768, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.104341, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.104390, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.104432, 3] smbd/process.c:1661(process_smb) Transaction 7943 of length 45 (0 toread) [2011/10/11 16:43:34.104474, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.104499, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61636 smt_wct=3 smb_vwv[ 0]=18146 (0x46E2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.104760, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.104787, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.104832, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.104875, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.105322, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.105489, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.105544, 3] smbd/reply.c:4850(reply_close) close fd=198 fnum=18146 (numopen=79) [2011/10/11 16:43:34.105586, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.105645, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau, file_id = 801:f87c7:0 gen_id = 707 has kernel oplock state of 1. [2011/10/11 16:43:34.105706, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000C787 [2011/10/11 16:43:34.105753, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.105795, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jan 28 18:00:04 2005 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.105859, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x860e, type= 0x3, gen_id = 707, uid = 0, flags = 0, file_id 801:f87c7:0, name_hash = 0x73399ab4 [2011/10/11 16:43:34.105909, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x73399ab4 [2011/10/11 16:43:34.105953, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000C787 [2011/10/11 16:43:34.106007, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau = 0 [2011/10/11 16:43:34.106052, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau [2011/10/11 16:43:34.106099, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/user/autotext/mytexts.bau (numopen=78) NT_STATUS_OK [2011/10/11 16:43:34.106144, 5] smbd/files.c:464(file_free) freed files structure 18146 (189 used) [2011/10/11 16:43:34.106190, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.106215, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61636 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.106429, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.106985, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.107036, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.107078, 3] smbd/process.c:1661(process_smb) Transaction 7944 of length 45 (0 toread) [2011/10/11 16:43:34.107120, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.107144, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61700 smt_wct=3 smb_vwv[ 0]=18147 (0x46E3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.107406, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.107433, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.107479, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.107522, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: 
S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.107986, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.108115, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.108169, 3] smbd/reply.c:4850(reply_close) close fd=199 fnum=18147 (numopen=78) [2011/10/11 16:43:34.108211, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.108270, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock, file_id = 801:ec76f:0 gen_id = 708 has kernel oplock state of 1. 
[2011/10/11 16:43:34.108330, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000006FC7 [2011/10/11 16:43:34.108377, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.108419, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Dec 8 17:09:40 2008 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.108484, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x8744, type= 0x3, gen_id = 708, uid = 0, flags = 0, file_id 801:ec76f:0, name_hash = 0xd26c2640 [2011/10/11 16:43:34.108533, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xd26c2640 [2011/10/11 16:43:34.108578, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000006FC7 [2011/10/11 16:43:34.108632, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock = 0 [2011/10/11 16:43:34.108676, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock [2011/10/11 16:43:34.108723, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application Data/OpenOffice.org/3/.lock (numopen=77) NT_STATUS_OK [2011/10/11 16:43:34.108767, 5] smbd/files.c:464(file_free) freed files structure 18147 (188 used) [2011/10/11 16:43:34.108814, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.108840, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61700 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.109055, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.109647, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) 
got smb length of 41 [2011/10/11 16:43:34.109698, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.109740, 3] smbd/process.c:1661(process_smb) Transaction 7945 of length 45 (0 toread) [2011/10/11 16:43:34.109782, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.109807, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61764 smt_wct=3 smb_vwv[ 0]=18149 (0x46E5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.110087, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.110114, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.110160, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.110204, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.110650, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.110779, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.110835, 3] smbd/reply.c:4850(reply_close) close fd=201 fnum=18149 (numopen=77) [2011/10/11 16:43:34.110877, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.110935, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs, file_id = 801:a094c:0 gen_id = 710 has kernel oplock state of 1. [2011/10/11 16:43:34.110995, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004C09 [2011/10/11 16:43:34.111043, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.111085, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.111149, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x949b, type= 0x3, gen_id = 710, uid = 0, flags = 0, file_id 801:a094c:0, name_hash = 0x12e571e5 [2011/10/11 16:43:34.111198, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x12e571e5 [2011/10/11 16:43:34.111246, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004C09 [2011/10/11 16:43:34.111299, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs = 0 [2011/10/11 16:43:34.111343, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs [2011/10/11 16:43:34.111389, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Mijn documenten.mydocs (numopen=76) NT_STATUS_OK [2011/10/11 
16:43:34.111433, 5] smbd/files.c:464(file_free) freed files structure 18149 (187 used) [2011/10/11 16:43:34.111479, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.111503, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61764 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.111717, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.112308, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.112357, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.112399, 3] smbd/process.c:1661(process_smb) Transaction 7946 of length 45 (0 toread) [2011/10/11 16:43:34.112441, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.112466, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61828 smt_wct=3 smb_vwv[ 0]=18151 (0x46E7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.112726, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.112752, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.112797, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.112840, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: 
SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.113283, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.113432, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.113483, 3] smbd/reply.c:4850(reply_close) close fd=203 fnum=18151 (numopen=76) [2011/10/11 16:43:34.113526, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.113584, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget, file_id = 801:a094a:0 gen_id = 712 has kernel oplock state of 1. 
[2011/10/11 16:43:34.113644, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004A09 [2011/10/11 16:43:34.113692, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.113733, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.113797, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9527, type= 0x3, gen_id = 712, uid = 0, flags = 0, file_id 801:a094a:0, name_hash = 0x5c52c27a [2011/10/11 16:43:34.113846, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5c52c27a [2011/10/11 16:43:34.113891, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004A09 [2011/10/11 16:43:34.113944, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget = 0 [2011/10/11 16:43:34.113988, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget [2011/10/11 16:43:34.114051, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Gecomprimeerde map.ZFSendToTarget (numopen=75) NT_STATUS_OK [2011/10/11 16:43:34.114096, 5] smbd/files.c:464(file_free) freed files structure 18151 (186 used) [2011/10/11 16:43:34.114142, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.114167, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61828 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.114380, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.114955, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.115005, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.115047, 3] smbd/process.c:1661(process_smb) Transaction 7947 of length 45 (0 toread) [2011/10/11 16:43:34.115089, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.115114, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61892 smt_wct=3 smb_vwv[ 0]=18148 (0x46E4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.115375, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.115402, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.115447, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.115490, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.115936, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.116065, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.116118, 3] smbd/reply.c:4850(reply_close) close fd=200 fnum=18148 (numopen=75) [2011/10/11 16:43:34.116160, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.116220, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/Application Data/.svn/entries, file_id = 801:c87e6:0 gen_id = 709 has kernel oplock state of 1. [2011/10/11 16:43:34.116281, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000E687 [2011/10/11 16:43:34.116329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.116371, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.116435, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9470, type= 0x3, gen_id = 709, uid = 0, flags = 0, file_id 801:c87e6:0, name_hash = 0x55616db8 [2011/10/11 16:43:34.116502, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x55616db8 [2011/10/11 16:43:34.116548, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000E687 [2011/10/11 16:43:34.116602, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/Application Data/.svn/entries = 0 [2011/10/11 16:43:34.116646, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/Application Data/.svn/entries [2011/10/11 16:43:34.116692, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/Application 
Data/.svn/entries (numopen=74) NT_STATUS_OK [2011/10/11 16:43:34.116736, 5] smbd/files.c:464(file_free) freed files structure 18148 (185 used) [2011/10/11 16:43:34.116780, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.116805, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61892 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.117022, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.117606, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.117657, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.117699, 3] smbd/process.c:1661(process_smb) Transaction 7948 of length 45 (0 toread) [2011/10/11 16:43:34.117741, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.117766, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61956 smt_wct=3 smb_vwv[ 0]=18150 (0x46E6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.118029, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.118056, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.118101, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.118145, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: 
SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.118593, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.118723, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.118776, 3] smbd/reply.c:4850(reply_close) close fd=202 fnum=18150 (numopen=74) [2011/10/11 16:43:34.118819, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.118879, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/desktop.ini, file_id = 801:a094b:0 gen_id = 711 has kernel oplock state of 1. 
[2011/10/11 16:43:34.118955, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004B09 [2011/10/11 16:43:34.119004, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.119047, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.119111, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x94da, type= 0x3, gen_id = 711, uid = 0, flags = 0, file_id 801:a094b:0, name_hash = 0xa5a3b88a [2011/10/11 16:43:34.119160, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa5a3b88a [2011/10/11 16:43:34.119205, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004B09 [2011/10/11 16:43:34.119259, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/desktop.ini = 0 [2011/10/11 16:43:34.119303, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/desktop.ini [2011/10/11 16:43:34.119349, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/desktop.ini (numopen=73) NT_STATUS_OK [2011/10/11 16:43:34.119393, 5] smbd/files.c:464(file_free) freed files structure 18150 (184 used) [2011/10/11 16:43:34.119440, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.119465, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=61956 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.119682, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.120580, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.120629, 6] 
smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.120671, 3] smbd/process.c:1661(process_smb) Transaction 7949 of length 45 (0 toread) [2011/10/11 16:43:34.120713, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.120738, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62020 smt_wct=3 smb_vwv[ 0]=18152 (0x46E8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.121000, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.121026, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.121072, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.121115, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.121583, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.121730, 5] smbd/uid.c:317(change_to_user_internal) Impersonated 
user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.121785, 3] smbd/reply.c:4850(reply_close) close fd=204 fnum=18152 (numopen=73) [2011/10/11 16:43:34.121828, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.121889, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Kladblok.lnk, file_id = 801:a0947:0 gen_id = 713 has kernel oplock state of 1. [2011/10/11 16:43:34.121949, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004709 [2011/10/11 16:43:34.121997, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.122040, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.122103, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9597, type= 0x3, gen_id = 713, uid = 0, flags = 0, file_id 801:a0947:0, name_hash = 0xf5d4e713 [2011/10/11 16:43:34.122153, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf5d4e713 [2011/10/11 16:43:34.122197, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004709 [2011/10/11 16:43:34.122252, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Kladblok.lnk = 0 [2011/10/11 16:43:34.122296, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Kladblok.lnk [2011/10/11 16:43:34.122342, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Kladblok.lnk (numopen=72) NT_STATUS_OK [2011/10/11 16:43:34.122386, 5] smbd/files.c:464(file_free) freed files structure 18152 (183 used) 
[2011/10/11 16:43:34.122432, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.122457, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62020 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.122671, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.122870, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.122920, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.122962, 3] smbd/process.c:1661(process_smb) Transaction 7950 of length 45 (0 toread) [2011/10/11 16:43:34.123003, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.123028, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62084 smt_wct=3 smb_vwv[ 0]=18153 (0x46E9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.123290, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.123317, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.123362, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.123406, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege 
Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.123868, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.123997, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.124049, 3] smbd/reply.c:4850(reply_close) close fd=205 fnum=18153 (numopen=72) [2011/10/11 16:43:34.124092, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.124150, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Iview.lnk, file_id = 801:a0946:0 gen_id = 714 has kernel oplock state of 1. [2011/10/11 16:43:34.124210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004609 [2011/10/11 16:43:34.124258, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.124299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.124363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x95ce, type= 0x3, gen_id = 714, uid = 0, flags = 0, file_id 801:a0946:0, name_hash = 0xf30d0291 [2011/10/11 16:43:34.124413, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xf30d0291 [2011/10/11 16:43:34.124458, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004609 [2011/10/11 16:43:34.124512, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for 
file ando.192.168.68.2.v2/SendTo/Iview.lnk = 0 [2011/10/11 16:43:34.124555, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Iview.lnk [2011/10/11 16:43:34.124601, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Iview.lnk (numopen=71) NT_STATUS_OK [2011/10/11 16:43:34.124645, 5] smbd/files.c:464(file_free) freed files structure 18153 (182 used) [2011/10/11 16:43:34.124691, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.124717, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62084 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.124932, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.125113, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.125162, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.125205, 3] smbd/process.c:1661(process_smb) Transaction 7951 of length 45 (0 toread) [2011/10/11 16:43:34.125246, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.125271, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62148 smt_wct=3 smb_vwv[ 0]=18154 (0x46EA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.125553, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.125580, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.125641, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.125686, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 
SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.126133, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.126263, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.126316, 3] smbd/reply.c:4850(reply_close) close fd=206 fnum=18154 (numopen=71) [2011/10/11 16:43:34.126359, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.126418, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Wordpad.lnk, file_id = 801:a0945:0 gen_id = 715 has kernel oplock state of 1. 
[2011/10/11 16:43:34.126478, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004509 [2011/10/11 16:43:34.126525, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.126567, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.126631, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x9704, type= 0x3, gen_id = 715, uid = 0, flags = 0, file_id 801:a0945:0, name_hash = 0xb9d38ec3 [2011/10/11 16:43:34.126681, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xb9d38ec3 [2011/10/11 16:43:34.126726, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004509 [2011/10/11 16:43:34.126780, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Wordpad.lnk = 0 [2011/10/11 16:43:34.126823, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Wordpad.lnk [2011/10/11 16:43:34.126869, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Wordpad.lnk (numopen=70) NT_STATUS_OK [2011/10/11 16:43:34.126913, 5] smbd/files.c:464(file_free) freed files structure 18154 (181 used) [2011/10/11 16:43:34.126960, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.126985, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62148 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.127199, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.127385, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.127435, 6] 
smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.127477, 3] smbd/process.c:1661(process_smb) Transaction 7952 of length 45 (0 toread) [2011/10/11 16:43:34.127536, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.127561, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62212 smt_wct=3 smb_vwv[ 0]=18155 (0x46EB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.127824, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.127851, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.127897, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.127941, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.128388, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.128517, 5] smbd/uid.c:317(change_to_user_internal) Impersonated 
user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.128569, 3] smbd/reply.c:4850(reply_close) close fd=207 fnum=18155 (numopen=70) [2011/10/11 16:43:34.128611, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.128670, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink, file_id = 801:a0944:0 gen_id = 716 has kernel oplock state of 1. [2011/10/11 16:43:34.128729, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004409 [2011/10/11 16:43:34.128777, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.128819, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.128883, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa29b, type= 0x3, gen_id = 716, uid = 0, flags = 0, file_id 801:a0944:0, name_hash = 0x4f3a1eb9 [2011/10/11 16:43:34.128933, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x4f3a1eb9 [2011/10/11 16:43:34.128978, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004409 [2011/10/11 16:43:34.129031, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink = 0 [2011/10/11 16:43:34.129076, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink [2011/10/11 16:43:34.129123, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/Bureaublad (snelkoppeling maken).DeskLink (numopen=69) 
NT_STATUS_OK [2011/10/11 16:43:34.129187, 5] smbd/files.c:464(file_free) freed files structure 18155 (180 used) [2011/10/11 16:43:34.129235, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.129260, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62212 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.129498, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.129687, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.129737, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.129779, 3] smbd/process.c:1661(process_smb) Transaction 7953 of length 45 (0 toread) [2011/10/11 16:43:34.129821, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.129846, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62276 smt_wct=3 smb_vwv[ 0]=18156 (0x46EC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.130107, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.130134, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.130180, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.130224, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege 
Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.130671, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.130801, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.130853, 3] smbd/reply.c:4850(reply_close) close fd=208 fnum=18156 (numopen=69) [2011/10/11 16:43:34.130896, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.130955, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail, file_id = 801:a0943:0 gen_id = 717 has kernel oplock state of 1. 
[2011/10/11 16:43:34.131015, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000004309 [2011/10/11 16:43:34.131068, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.131110, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.131175, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa327, type= 0x3, gen_id = 717, uid = 0, flags = 0, file_id 801:a0943:0, name_hash = 0x6e92fbd6 [2011/10/11 16:43:34.131224, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x6e92fbd6 [2011/10/11 16:43:34.131287, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000004309 [2011/10/11 16:43:34.131342, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail = 0 [2011/10/11 16:43:34.131386, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail [2011/10/11 16:43:34.131432, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/E-mailontvanger.MAPIMail (numopen=68) NT_STATUS_OK [2011/10/11 16:43:34.131476, 5] smbd/files.c:464(file_free) freed files structure 18156 (179 used) [2011/10/11 16:43:34.131523, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.131548, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62276 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.131764, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.131985, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 
[2011/10/11 16:43:34.132034, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.132076, 3] smbd/process.c:1661(process_smb) Transaction 7954 of length 45 (0 toread) [2011/10/11 16:43:34.132117, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.132142, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62340 smt_wct=3 smb_vwv[ 0]=18157 (0x46ED) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.132403, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.132430, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.132475, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.132518, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.132964, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.133093, 5] 
smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.133146, 3] smbd/reply.c:4850(reply_close) close fd=209 fnum=18157 (numopen=68) [2011/10/11 16:43:34.133188, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.133246, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/entries, file_id = 801:a4aac:0 gen_id = 718 has kernel oplock state of 1. [2011/10/11 16:43:34.133305, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC4A [2011/10/11 16:43:34.133369, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e60 [2011/10/11 16:43:34.133434, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Sep 30 12:47:36 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.133498, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa430, type= 0x3, gen_id = 718, uid = 0, flags = 0, file_id 801:a4aac:0, name_hash = 0xecd1d6d9 [2011/10/11 16:43:34.133548, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xecd1d6d9 [2011/10/11 16:43:34.133593, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC4A [2011/10/11 16:43:34.133647, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/entries = 0 [2011/10/11 16:43:34.133691, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/entries [2011/10/11 16:43:34.133736, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/entries (numopen=67) NT_STATUS_OK [2011/10/11 16:43:34.133780, 5] 
smbd/files.c:464(file_free) freed files structure 18157 (178 used) [2011/10/11 16:43:34.133827, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.133853, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62340 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.134068, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.134256, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.134306, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.134348, 3] smbd/process.c:1661(process_smb) Transaction 7955 of length 45 (0 toread) [2011/10/11 16:43:34.134390, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.134415, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62404 smt_wct=3 smb_vwv[ 0]=18158 (0x46EE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.134676, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.134703, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.134748, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.134792, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege 
Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.135240, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.135368, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.135437, 3] smbd/reply.c:4850(reply_close) close fd=210 fnum=18158 (numopen=67) [2011/10/11 16:43:34.135480, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.135539, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base, file_id = 801:c465c:0 gen_id = 719 has kernel oplock state of 1. 
[2011/10/11 16:43:34.135600, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005C46 [2011/10/11 16:43:34.135652, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.135694, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.135758, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa49a, type= 0x3, gen_id = 719, uid = 0, flags = 0, file_id 801:c465c:0, name_hash = 0xced45b08 [2011/10/11 16:43:34.135807, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xced45b08 [2011/10/11 16:43:34.135856, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005C46 [2011/10/11 16:43:34.135910, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base = 0 [2011/10/11 16:43:34.135955, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base [2011/10/11 16:43:34.136001, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Mijn documenten.mydocs.svn-base (numopen=66) NT_STATUS_OK [2011/10/11 16:43:34.136045, 5] smbd/files.c:464(file_free) freed files structure 18158 (177 used) [2011/10/11 16:43:34.136091, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.136117, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62404 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.136331, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.136514, 10] 
lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.136563, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.136605, 3] smbd/process.c:1661(process_smb) Transaction 7956 of length 45 (0 toread) [2011/10/11 16:43:34.136647, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.136671, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62468 smt_wct=3 smb_vwv[ 0]=18159 (0x46EF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.136931, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.136958, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.137003, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.137047, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.137528, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 
Group[ 3]: 10003 [2011/10/11 16:43:34.137657, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.137711, 3] smbd/reply.c:4850(reply_close) close fd=211 fnum=18159 (numopen=66) [2011/10/11 16:43:34.137754, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.137813, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base, file_id = 801:c4653:0 gen_id = 720 has kernel oplock state of 1. [2011/10/11 16:43:34.137872, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005346 [2011/10/11 16:43:34.137920, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e70 [2011/10/11 16:43:34.137962, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:26 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.138025, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa557, type= 0x3, gen_id = 720, uid = 0, flags = 0, file_id 801:c4653:0, name_hash = 0x9102dff6 [2011/10/11 16:43:34.138075, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x9102dff6 [2011/10/11 16:43:34.138120, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005346 [2011/10/11 16:43:34.138174, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base = 0 [2011/10/11 16:43:34.138218, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base [2011/10/11 16:43:34.138265, 2] smbd/close.c:691(close_normal_file) ando closed file 
ando.192.168.68.2.v2/SendTo/.svn/prop-base/desktop.ini.svn-base (numopen=65) NT_STATUS_OK [2011/10/11 16:43:34.138310, 5] smbd/files.c:464(file_free) freed files structure 18159 (176 used) [2011/10/11 16:43:34.138356, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.138381, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62468 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.138596, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.138781, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.138831, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.138874, 3] smbd/process.c:1661(process_smb) Transaction 7957 of length 45 (0 toread) [2011/10/11 16:43:34.138915, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.138940, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62532 smt_wct=3 smb_vwv[ 0]=18160 (0x46F0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.139201, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.139228, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.139292, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.139336, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: 
S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.139784, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.139914, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.139966, 3] smbd/reply.c:4850(reply_close) close fd=212 fnum=18160 (numopen=65) [2011/10/11 16:43:34.140008, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.140067, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base, file_id = 801:c4652:0 gen_id = 721 has kernel oplock state of 1. 
[2011/10/11 16:43:34.140127, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005246 [2011/10/11 16:43:34.140175, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e90 [2011/10/11 16:43:34.140218, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.140282, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa58e, type= 0x3, gen_id = 721, uid = 0, flags = 0, file_id 801:c4652:0, name_hash = 0xaf77a2e4 [2011/10/11 16:43:34.140331, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xaf77a2e4 [2011/10/11 16:43:34.140377, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005246 [2011/10/11 16:43:34.140431, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base = 0 [2011/10/11 16:43:34.140476, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base [2011/10/11 16:43:34.140524, 2] smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Gecomprimeerde map.ZFSendToTarget.svn-base (numopen=64) NT_STATUS_OK [2011/10/11 16:43:34.140569, 5] smbd/files.c:464(file_free) freed files structure 18160 (175 used) [2011/10/11 16:43:34.140616, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.140641, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62532 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.140855, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 
16:43:34.141054, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:34.141105, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:34.141147, 3] smbd/process.c:1661(process_smb) Transaction 7958 of length 45 (0 toread) [2011/10/11 16:43:34.141188, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.141213, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62596 smt_wct=3 smb_vwv[ 0]=18161 (0x46F1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:34.141496, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:34.141523, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a1bb70 [2011/10/11 16:43:34.141568, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:34.141612, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:34.142058, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 
1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:34.142187, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:34.142240, 3] smbd/reply.c:4850(reply_close) close fd=213 fnum=18161 (numopen=64) [2011/10/11 16:43:34.142282, 6] smbd/close.c:527(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2011/10/11 16:43:34.142341, 10] smbd/oplock_linux.c:141(linux_release_kernel_oplock) linux_release_kernel_oplock: file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base, file_id = 801:c4651:0 gen_id = 722 has kernel oplock state of 1. [2011/10/11 16:43:34.142400, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 01080000000000005146 [2011/10/11 16:43:34.142448, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87e80 [2011/10/11 16:43:34.142490, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Mon Jan 8 23:29:25 2007 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:34.142553, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0xa6c4, type= 0x3, gen_id = 722, uid = 0, flags = 0, file_id 801:c4651:0, name_hash = 0xc3bc86bb [2011/10/11 16:43:34.142603, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xc3bc86bb [2011/10/11 16:43:34.142648, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 01080000000000005146 [2011/10/11 16:43:34.142702, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base = 0 [2011/10/11 16:43:34.142746, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base [2011/10/11 16:43:34.142810, 2] 
smbd/close.c:691(close_normal_file) ando closed file ando.192.168.68.2.v2/SendTo/.svn/prop-base/Kladblok.lnk.svn-base (numopen=63) NT_STATUS_OK [2011/10/11 16:43:34.142855, 5] smbd/files.c:464(file_free) freed files structure 18161 (174 used) [2011/10/11 16:43:34.142901, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:34.142926, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=4 smb_pid=65279 smb_uid=102 smb_mid=62596 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:34.143143, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.068359, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 202 [2011/10/11 16:43:35.068495, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xca [2011/10/11 16:43:35.068539, 3] smbd/process.c:1661(process_smb) Transaction 7959 of length 206 (0 toread) [2011/10/11 16:43:35.068582, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.068607, 5] lib/util.c:341(show_msg) size=202 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62660 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29696 (0x7400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=119 [2011/10/11 16:43:35.069211, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 .I.n.t.e .r.n.e.t [0030] 00 20 
00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 . .E.x.p .l.o.r.e [0040] 00 72 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 .r.\.Q.u .i.c.k. [0050] 00 4C 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 .L.a.u.n .c.h.\.U [0060] 00 73 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E .s.e.r. .P.i.n.n [0070] 00 65 00 64 00 00 00 .e.d... [2011/10/11 16:43:35.069524, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.069575, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.069620, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.070077, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.070241, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.070286, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/samba/AppData [2011/10/11 16:43:35.070341, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x81 file_attributes = 
0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070389, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned" [2011/10/11 16:43:35.070436, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned] [2011/10/11 16:43:35.070490, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070542, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070595, 5] smbd/files.c:126(file_new) allocated file structure 14405, fnum = 18501 (175 used) [2011/10/11 16:43:35.070643, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned hash 0x88599df8 [2011/10/11 16:43:35.070690, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Internet Explorer/Quick Launch/User Pinned) returning 0600 [2011/10/11 16:43:35.070733, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, dos_attrs=0x0 access_mask=0x81 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 
16:43:35.070780, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070824, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.070867, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.070909, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.070950, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.070993, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, after mapping access_mask=0x81 [2011/10/11 16:43:35.071048, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.071103, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88640 [2011/10/11 16:43:35.071146, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:40408f:0 [2011/10/11 16:43:35.071191, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.071253, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.071301, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88880 [2011/10/11 16:43:35.071343, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.071410, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.071476, 10] locking/locking.c:1610(get_delete_on_close_token) 
get_delete_on_close_token: name_hash = 0x88599df8 [2011/10/11 16:43:35.071519, 10] smbd/open.c:731(share_conflict) share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x0 [2011/10/11 16:43:35.071562, 10] smbd/open.c:734(share_conflict) share_conflict: access_mask = 0x81, share_access = 0x7 [2011/10/11 16:43:35.071604, 10] smbd/open.c:783(share_conflict) share_conflict: [1] am (0x100081) & right (0x6) = 0x0 [2011/10/11 16:43:35.071646, 10] smbd/open.c:783(share_conflict) share_conflict: [1] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.071688, 10] smbd/open.c:785(share_conflict) share_conflict: [2] am (0x81) & right (0x6) = 0x0 [2011/10/11 16:43:35.071730, 10] smbd/open.c:785(share_conflict) share_conflict: [2] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.071772, 10] smbd/open.c:788(share_conflict) share_conflict: [3] am (0x100081) & right (0x21) = 0x1 [2011/10/11 16:43:35.071814, 10] smbd/open.c:788(share_conflict) share_conflict: [3] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.071855, 10] smbd/open.c:790(share_conflict) share_conflict: [4] am (0x81) & right (0x21) = 0x1 [2011/10/11 16:43:35.071897, 10] smbd/open.c:790(share_conflict) share_conflict: [4] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.071939, 10] smbd/open.c:793(share_conflict) share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 [2011/10/11 16:43:35.071981, 10] smbd/open.c:793(share_conflict) share_conflict: [5] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.072023, 10] smbd/open.c:795(share_conflict) share_conflict: [6] am (0x81) & right (0x10000) = 0x0 [2011/10/11 16:43:35.072065, 10] smbd/open.c:795(share_conflict) share_conflict: [6] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.072107, 10] smbd/open.c:797(share_conflict) share_conflict: No conflict. 
[2011/10/11 16:43:35.072149, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x0 on file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.072193, 4] smbd/open.c:2228(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0600, access_mask = 0x81, open_access_mask = 0x81 [2011/10/11 16:43:35.072246, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, flags = 00 mode = 0600, fd = 31. [2011/10/11 16:43:35.072292, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned = 0 [2011/10/11 16:43:35.072337, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.072383, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.072436, 5] smbd/files.c:464(file_free) freed files structure 18501 (174 used) [2011/10/11 16:43:35.072480, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2011/10/11 16:43:35.072527, 10] smbd/posix_acls.c:3500(posix_get_nt_acl) posix_get_nt_acl: called for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.072589, 10] smbd/posix_acls.c:2625(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2011/10/11 16:43:35.072631, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.283593, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 1. 
Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2011/10/11 16:43:35.284778, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2011/10/11 16:43:35.284939, 10] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.285763, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2011/10/11 16:43:35.285822, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.285864, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.285916, 10] smbd/open.c:122(smbd_check_open_rights) smbd_check_open_rights: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned requesting 0x81 returning 0x81 (NT_STATUS_OK) [2011/10/11 16:43:35.285969, 5] smbd/files.c:126(file_new) allocated file structure 14406, fnum = 18502 (175 used) [2011/10/11 16:43:35.286019, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned hash 0x88599df8 [2011/10/11 16:43:35.286075, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, flags = 0200000 mode = 00, fd = 31. 
[2011/10/11 16:43:35.286133, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.286192, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0a519f0 [2011/10/11 16:43:35.286235, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.286304, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.286355, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x88599df8 [2011/10/11 16:43:35.286398, 10] smbd/open.c:731(share_conflict) share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x0 [2011/10/11 16:43:35.286440, 10] smbd/open.c:734(share_conflict) share_conflict: access_mask = 0x81, share_access = 0x7 [2011/10/11 16:43:35.286482, 10] smbd/open.c:783(share_conflict) share_conflict: [1] am (0x100081) & right (0x6) = 0x0 [2011/10/11 16:43:35.286524, 10] smbd/open.c:783(share_conflict) share_conflict: [1] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.286565, 10] smbd/open.c:785(share_conflict) share_conflict: [2] am (0x81) & right (0x6) = 0x0 [2011/10/11 16:43:35.286607, 10] smbd/open.c:785(share_conflict) share_conflict: [2] sa (0x7) & share (0x2) = 0x2 [2011/10/11 16:43:35.286649, 10] smbd/open.c:788(share_conflict) share_conflict: [3] am (0x100081) & right (0x21) = 0x1 [2011/10/11 16:43:35.286690, 10] smbd/open.c:788(share_conflict) share_conflict: [3] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.286732, 10] smbd/open.c:790(share_conflict) share_conflict: [4] am (0x81) & right (0x21) = 0x1 [2011/10/11 16:43:35.286774, 10] 
smbd/open.c:790(share_conflict) share_conflict: [4] sa (0x7) & share (0x1) = 0x1 [2011/10/11 16:43:35.286816, 10] smbd/open.c:793(share_conflict) share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 [2011/10/11 16:43:35.286883, 10] smbd/open.c:793(share_conflict) share_conflict: [5] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.286926, 10] smbd/open.c:795(share_conflict) share_conflict: [6] am (0x81) & right (0x10000) = 0x0 [2011/10/11 16:43:35.286968, 10] smbd/open.c:795(share_conflict) share_conflict: [6] sa (0x7) & share (0x4) = 0x4 [2011/10/11 16:43:35.287009, 10] smbd/open.c:797(share_conflict) share_conflict: No conflict. [2011/10/11 16:43:35.287055, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 2 [2011/10/11 16:43:35.287121, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287175, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287234, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.287288, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:35.287331, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:35.287376, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.287421, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 
16:43:35.287465, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.287507, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.287548, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.287596, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.287659, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287716, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.287773, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18502, open name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.288190, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 202 [2011/10/11 16:43:35.288243, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xca [2011/10/11 16:43:35.288286, 3] smbd/process.c:1661(process_smb) Transaction 7960 of length 206 (0 toread) [2011/10/11 16:43:35.288328, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.288353, 5] lib/util.c:341(show_msg) size=202 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62724 smt_wct=15 smb_vwv[ 0]= 134 (0x86) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) 
smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 134 (0x86) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=137 [2011/10/11 16:43:35.288826, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.289240, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.289290, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.289335, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.289812, 
5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.289947, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.289999, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:35.290053, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/*" [2011/10/11 16:43:35.290101, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/*] [2011/10/11 16:43:35.290145, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned] [2011/10/11 16:43:35.290196, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, start = * [2011/10/11 16:43:35.290246, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, start = * [2011/10/11 16:43:35.290290, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2011/10/11 16:43:35.290332, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? 
[2011/10/11 16:43:35.290374, 5] smbd/filename.c:609(unix_convert) Wildcard * [2011/10/11 16:43:35.290417, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, mask = * [2011/10/11 16:43:35.290479, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.290536, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Internet Explorer/Quick Launch/User Pinned, expect_close = 1 [2011/10/11 16:43:35.290580, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2011/10/11 16:43:35.290622, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:35.290672, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:35.290726, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/. [2011/10/11 16:43:35.290769, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.290812, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/. 
[2011/10/11 16:43:35.290854, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.290895, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.290950, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.291016, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.291075, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.291123, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/. fname=. (.) [2011/10/11 16:43:35.291172, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:35.291214, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.291261, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:35.291312, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/.. [2011/10/11 16:43:35.291353, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.291395, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/.. 
[2011/10/11 16:43:35.291436, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.291477, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.291523, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:35.291565, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/.. fname=.. (..) [2011/10/11 16:43:35.291610, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16288 [2011/10/11 16:43:35.291651, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.291714, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 40 [2011/10/11 16:43:35.291761, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.291817, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.291861, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.291967, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.292008, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.292055, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:35.292097, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar fname=TaskBar (TaskBar) [2011/10/11 16:43:35.292143, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16188 [2011/10/11 16:43:35.292184, 10] 
smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.292237, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 4096 [2011/10/11 16:43:35.292284, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.292327, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.292369, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.292411, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.292452, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.292498, 10] locking/locking.c:1017(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2011/10/11 16:43:35.292541, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts fname=ImplicitAppShortcuts (ImplicitAppShortcuts) [2011/10/11 16:43:35.292587, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16080 [2011/10/11 16:43:35.292628, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.292675, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: ImplicitAppShortcuts -> 5BB0ED06 -> IPFVKL~I (cache=1) [2011/10/11 16:43:35.292723, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:35.292766, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:35.292808, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:35.292886, 9] 
smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 440, useable_space = 131010 [2011/10/11 16:43:35.292930, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 440, paramsize = 10, datasize = 440 [2011/10/11 16:43:35.292972, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.292997, 5] lib/util.c:341(show_msg) size=508 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62724 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 440 (0x1B8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 440 (0x1B8) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=453 [2011/10/11 16:43:35.293402, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:35.294458, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=* directory=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned dirtype=22 numentries=4 [2011/10/11 16:43:35.294514, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2011/10/11 16:43:35.294840, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:35.294892, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:35.294934, 3] smbd/process.c:1661(process_smb) Transaction 7961 of length 45 (0 toread) [2011/10/11 16:43:35.294976, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.295002, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62788 smt_wct=3 smb_vwv[ 0]=18502 (0x4846) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:35.295264, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.295291, 3] 
smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.295339, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.295384, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.295926, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.296059, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.296105, 3] smbd/reply.c:4840(reply_close) close directory fnum=18502 [2011/10/11 16:43:35.296155, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000008F40 [2011/10/11 16:43:35.296210, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87d80 [2011/10/11 16:43:35.296252, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.296318, 10] locking/locking.c:728(parse_share_modes) 
parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296379, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x0, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296429, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x88599df8 [2011/10/11 16:43:35.296472, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 2 [2011/10/11 16:43:35.296536, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296588, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x40, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.296636, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000008F40 [2011/10/11 16:43:35.296691, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned = 0 [2011/10/11 16:43:35.296736, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned [2011/10/11 16:43:35.296783, 5] smbd/files.c:464(file_free) freed files 
structure 18502 (174 used) [2011/10/11 16:43:35.296828, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.296853, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62788 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:35.297066, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.297433, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 244 [2011/10/11 16:43:35.297484, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xf4 [2011/10/11 16:43:35.297526, 3] smbd/process.c:1661(process_smb) Transaction 7962 of length 248 (0 toread) [2011/10/11 16:43:35.297568, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.297593, 5] lib/util.c:341(show_msg) size=244 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62852 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=40448 (0x9E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=161 [2011/10/11 16:43:35.298210, 10] ../lib/util/util.c:415(dump_data) 
[2011/10/11 16:43:35.298595, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.298642, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.298686, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.299133, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.299330, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.299382, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, 
create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299431, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts" [2011/10/11 16:43:35.299479, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/IMPLICITAPPSHORTCUTS] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts] [2011/10/11 16:43:35.299547, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299600, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299652, 5] smbd/files.c:126(file_new) allocated file structure 14407, fnum = 18503 (175 used) [2011/10/11 16:43:35.299700, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts hash 0x73aa9b67 [2011/10/11 16:43:35.299747, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts) returning 0600 [2011/10/11 16:43:35.299790, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/ImplicitAppShortcuts, dos_attrs=0x0 access_mask=0x81 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 16:43:35.299837, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299882, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.299924, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.299966, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.300007, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.300051, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, after mapping access_mask=0x81 [2011/10/11 16:43:35.300105, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.300156, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88790 [2011/10/11 16:43:35.300198, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:404152:0 [2011/10/11 16:43:35.300243, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 [2011/10/11 16:43:35.300305, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.300351, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d889d0 [2011/10/11 16:43:35.300395, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.300439, 4] smbd/open.c:2228(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0600, access_mask = 0x81, 
open_access_mask = 0x81 [2011/10/11 16:43:35.300492, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, flags = 00 mode = 0600, fd = 31. [2011/10/11 16:43:35.300539, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts = 0 [2011/10/11 16:43:35.300584, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.300630, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 [2011/10/11 16:43:35.300698, 5] smbd/files.c:464(file_free) freed files structure 18503 (174 used) [2011/10/11 16:43:35.300741, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2011/10/11 16:43:35.300789, 10] smbd/posix_acls.c:3500(posix_get_nt_acl) posix_get_nt_acl: called for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.300852, 10] smbd/posix_acls.c:2625(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2011/10/11 16:43:35.300894, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.300943, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2011/10/11 16:43:35.301674, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 2. 
Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2011/10/11 16:43:35.301781, 10] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.302425, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2011/10/11 16:43:35.302480, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.302523, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.302574, 10] smbd/open.c:122(smbd_check_open_rights) smbd_check_open_rights: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts requesting 0x81 returning 0x81 (NT_STATUS_OK) [2011/10/11 16:43:35.302628, 5] smbd/files.c:126(file_new) allocated file structure 14408, fnum = 18504 (175 used) [2011/10/11 16:43:35.302678, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts hash 0x73aa9b67 [2011/10/11 16:43:35.302735, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, flags = 0200000 mode = 00, fd = 31. 
[2011/10/11 16:43:35.302793, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.302851, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0a122e0 [2011/10/11 16:43:35.302899, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 1 [2011/10/11 16:43:35.302968, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.303017, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 [2011/10/11 16:43:35.303072, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:35.303113, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:35.303159, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.303230, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.303274, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.303317, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.303357, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.303406, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.303471, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 
1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.303528, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18504, open name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.303914, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 244 [2011/10/11 16:43:35.303968, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xf4 [2011/10/11 16:43:35.304010, 3] smbd/process.c:1661(process_smb) Transaction 7963 of length 248 (0 toread) [2011/10/11 16:43:35.304052, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.304077, 5] lib/util.c:341(show_msg) size=244 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62916 smt_wct=15 smb_vwv[ 0]= 176 (0xB0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 176 (0xB0) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=179 [2011/10/11 16:43:35.304529, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 49 .r.o.s.o .f.t.\.I [0030] 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 .n.t.e.r .n.e.t. [0040] 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 .E.x.p.l .o.r.e.r [0050] 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 00 4C .\.Q.u.i .c.k. .L [0060] 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 00 73 .a.u.n.c .h.\.U.s [0070] 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E 00 65 .e.r. 
.P .i.n.n.e [0080] 00 64 00 5C 00 49 00 6D 00 70 00 6C 00 69 00 63 .d.\.I.m .p.l.i.c [0090] 00 69 00 74 00 41 00 70 00 70 00 53 00 68 00 6F .i.t.A.p .p.S.h.o [00A0] 00 72 00 74 00 63 00 75 00 74 00 73 00 5C 00 2A .r.t.c.u .t.s.\.* [00B0] 00 00 00 ... [2011/10/11 16:43:35.304948, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.304996, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.305041, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.305534, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.305669, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.305722, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:35.305775, 5] smbd/filename.c:257(unix_convert) 
unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/*" [2011/10/11 16:43:35.305824, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/IMPLICITAPPSHORTCUTS/*] [2011/10/11 16:43:35.305869, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/IMPLICITAPPSHORTCUTS] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts] [2011/10/11 16:43:35.305920, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, start = * [2011/10/11 16:43:35.306061, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, start = * [2011/10/11 16:43:35.306107, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2011/10/11 16:43:35.306149, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? 
[2011/10/11 16:43:35.306191, 5] smbd/filename.c:609(unix_convert) Wildcard * [2011/10/11 16:43:35.306233, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, mask = * [2011/10/11 16:43:35.306281, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.306391, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts, expect_close = 1 [2011/10/11 16:43:35.306435, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2011/10/11 16:43:35.306477, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:35.306527, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:35.306582, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/. [2011/10/11 16:43:35.306626, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.306669, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/. 
[2011/10/11 16:43:35.306711, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.306751, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.306806, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.306888, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.306939, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/. fname=. (.) [2011/10/11 16:43:35.306989, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:35.307031, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.307078, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:35.307129, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/.. [2011/10/11 16:43:35.307171, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.307213, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/.. 
[2011/10/11 16:43:35.307255, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.307295, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.307342, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.307405, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.307462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x40, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.307510, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts/.. fname=.. (..) 
[2011/10/11 16:43:35.307556, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16288 [2011/10/11 16:43:35.307598, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.307653, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset -1 [2011/10/11 16:43:35.307696, 5] smbd/trans2.c:2509(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2011/10/11 16:43:35.307739, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2011/10/11 16:43:35.307814, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 196, useable_space = 131010 [2011/10/11 16:43:35.307859, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 196, paramsize = 10, datasize = 196 [2011/10/11 16:43:35.307901, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.307926, 5] lib/util.c:341(show_msg) size=264 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=62916 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 196 (0xC4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 196 (0xC4) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=209 [2011/10/11 16:43:35.308314, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 02 00 01 00 00 00 60 00 00 00 60 00 00 ........ .`...`.. [0010] 00 00 00 00 00 80 46 48 BA 60 BD CB 01 80 02 3F ......FH .`.....? [0020] F6 5B 87 CC 01 80 46 48 BA 60 BD CB 01 80 46 48 .[....FH .`....FH [0030] BA 60 BD CB 01 00 00 00 00 00 00 00 00 00 00 00 .`...... ........ [0040] 00 00 00 00 00 10 00 00 00 02 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. 
[0070] 00 00 00 00 00 80 46 48 BA 60 BD CB 01 80 02 3F ......FH .`.....? [0080] F6 5B 87 CC 01 80 46 48 BA 60 BD CB 01 80 46 48 .[....FH .`....FH [0090] BA 60 BD CB 01 00 00 00 00 00 00 00 00 00 00 00 .`...... ........ [00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ [00D0] 00 . [2011/10/11 16:43:35.308832, 4] smbd/trans2.c:2553(call_trans2findfirst) SMBtrans2 mask=* directory=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts dirtype=22 numentries=2 [2011/10/11 16:43:35.308890, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2011/10/11 16:43:35.309114, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 41 [2011/10/11 16:43:35.309164, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0x29 [2011/10/11 16:43:35.309206, 3] smbd/process.c:1661(process_smb) Transaction 7964 of length 45 (0 toread) [2011/10/11 16:43:35.309248, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.309273, 5] lib/util.c:341(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62980 smt_wct=3 smb_vwv[ 0]=18504 (0x4848) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/10/11 16:43:35.309557, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.309586, 3] smbd/process.c:1466(switch_message) switch message SMBclose (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.309633, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.309677, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 
3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.310126, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.310258, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.310304, 3] smbd/reply.c:4840(reply_close) close directory fnum=18504 [2011/10/11 16:43:35.310424, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000005241 [2011/10/11 16:43:35.310481, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d87d80 [2011/10/11 16:43:35.310543, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.310661, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf584, type= 0x0, gen_id = 1065, uid = 0, flags = 0, file_id 803:404152:0, name_hash = 0x73aa9b67 [2011/10/11 16:43:35.310714, 10] locking/locking.c:1610(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x73aa9b67 [2011/10/11 16:43:35.310760, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000005241 
[2011/10/11 16:43:35.310815, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts = 0 [2011/10/11 16:43:35.310861, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/ImplicitAppShortcuts [2011/10/11 16:43:35.310909, 5] smbd/files.c:464(file_free) freed files structure 18504 (174 used) [2011/10/11 16:43:35.310953, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.310979, 5] lib/util.c:341(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=62980 smt_wct=0 smb_bcc=0 [2011/10/11 16:43:35.311191, 10] ../lib/util/util.c:415(dump_data) [2011/10/11 16:43:35.311604, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 218 [2011/10/11 16:43:35.311655, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xda [2011/10/11 16:43:35.311698, 3] smbd/process.c:1661(process_smb) Transaction 7965 of length 222 (0 toread) [2011/10/11 16:43:35.311739, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.311764, 5] lib/util.c:341(show_msg) size=218 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=63044 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=33792 (0x8400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=135 [2011/10/11 16:43:35.312358, 10] 
../lib/util/util.c:415(dump_data) [0000] 00 5C 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 .\.a.n.d .o.\.M.i [0010] 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C .c.r.o.s .o.f.t.\ [0020] 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 .I.n.t.e .r.n.e.t [0030] 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 . .E.x.p .l.o.r.e [0040] 00 72 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 .r.\.Q.u .i.c.k. [0050] 00 4C 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 .L.a.u.n .c.h.\.U [0060] 00 73 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E .s.e.r. .P.i.n.n [0070] 00 65 00 64 00 5C 00 54 00 61 00 73 00 6B 00 42 .e.d.\.T .a.s.k.B [0080] 00 61 00 72 00 00 00 .a.r... [2011/10/11 16:43:35.312678, 3] smbd/process.c:1466(switch_message) switch message SMBntcreateX (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.312724, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.312768, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.313233, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 
16:43:35.313364, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.313435, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313483, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar" [2011/10/11 16:43:35.313530, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/TASKBAR] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar] [2011/10/11 16:43:35.313583, 10] smbd/open.c:3760(create_file_default) create_file: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313633, 10] smbd/open.c:3280(create_file_unixpath) create_file_unixpath: access_mask = 0x81 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313686, 5] smbd/files.c:126(file_new) allocated file structure 14409, fnum = 18505 (175 used) [2011/10/11 16:43:35.313733, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar hash 0x57ae7988 [2011/10/11 16:43:35.313780, 3] smbd/dosmode.c:159(unix_mode) unix_mode(ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar) returning 0600 
[2011/10/11 16:43:35.313823, 10] smbd/open.c:1759(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, dos_attrs=0x0 access_mask=0x81 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0600 oplock_request=3 private_flags = 0x0 [2011/10/11 16:43:35.313870, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.313915, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.313958, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314000, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.314041, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.314084, 10] smbd/open.c:1937(open_file_ntcreate) open_file_ntcreate: fname=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, after mapping access_mask=0x81 [2011/10/11 16:43:35.314154, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.314204, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88720 [2011/10/11 16:43:35.314246, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 803:404090:0 [2011/10/11 16:43:35.314291, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.314352, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.314398, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b0d88960 [2011/10/11 16:43:35.314441, 10] smbd/open.c:1170(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314485, 4] smbd/open.c:2228(open_file_ntcreate) 
calling open_file with flags=0x0 flags2=0x0 mode=0600, access_mask = 0x81, open_access_mask = 0x81 [2011/10/11 16:43:35.314537, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, flags = 00 mode = 0600, fd = 31. [2011/10/11 16:43:35.314583, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar = 0 [2011/10/11 16:43:35.314628, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314674, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.314726, 5] smbd/files.c:464(file_free) freed files structure 18505 (174 used) [2011/10/11 16:43:35.314770, 5] smbd/open.c:2756(open_directory) open_directory: opening directory ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2011/10/11 16:43:35.314816, 10] smbd/posix_acls.c:3500(posix_get_nt_acl) posix_get_nt_acl: called for file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.314879, 10] smbd/posix_acls.c:2625(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2011/10/11 16:43:35.314920, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.314968, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2011/10/11 16:43:35.315770, 10] smbd/posix_acls.c:2638(canonicalise_acl) canon_ace index 2. 
Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2011/10/11 16:43:35.315879, 10] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2969752157-892696647-4271518216-101013 gid 1002 (andoburg) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/10/11 16:43:35.316520, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2011/10/11 16:43:35.316576, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.316618, 10] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2011/10/11 16:43:35.316669, 10] smbd/open.c:122(smbd_check_open_rights) smbd_check_open_rights: file ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar requesting 0x81 returning 0x81 (NT_STATUS_OK) [2011/10/11 16:43:35.316749, 5] smbd/files.c:126(file_new) allocated file structure 14410, fnum = 18506 (175 used) [2011/10/11 16:43:35.316801, 10] smbd/files.c:618(file_name_hash) file_name_hash: /home/samba/AppData/ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar hash 0x57ae7988 [2011/10/11 16:43:35.316857, 10] smbd/open.c:179(fd_open) fd_open: name ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, flags = 0200000 mode = 00, fd = 31. 
[2011/10/11 16:43:35.316915, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 03080000000000009040 [2011/10/11 16:43:35.316973, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fc9b09dbeb0 [2011/10/11 16:43:35.317021, 10] locking/locking.c:806(unparse_share_modes) unparse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 1 [2011/10/11 16:43:35.317092, 10] locking/locking.c:535(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, file_id 803:404090:0, name_hash = 0x57ae7988 [2011/10/11 16:43:35.317140, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 03080000000000009040 [2011/10/11 16:43:35.317195, 10] smbd/open.c:3572(create_file_unixpath) create_file_unixpath: info=1 [2011/10/11 16:43:35.317238, 10] smbd/open.c:3855(create_file_default) create_file: info=1 [2011/10/11 16:43:35.317283, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.317328, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.317371, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.317450, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.317491, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.317539, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.317604, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, 
file_id 803:404090:0, name_hash = 0x57ae7988 [2011/10/11 16:43:35.317662, 5] smbd/nttrans.c:730(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 18506, open name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.318034, 10] lib/util_sock.c:516(read_smb_length_return_keepalive) got smb length of 218 [2011/10/11 16:43:35.318086, 6] smbd/process.c:1659(process_smb) got message type 0x0 of len 0xda [2011/10/11 16:43:35.318129, 3] smbd/process.c:1661(process_smb) Transaction 7966 of length 222 (0 toread) [2011/10/11 16:43:35.318171, 5] lib/util.c:331(show_msg) [2011/10/11 16:43:35.318196, 5] lib/util.c:341(show_msg) size=218 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=3584 smb_uid=102 smb_mid=63108 smt_wct=15 smb_vwv[ 0]= 150 (0x96) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 150 (0x96) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=153 [2011/10/11 16:43:35.318652, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 61 00 6E 00 64 00 6F 00 5C 00 4D 00 69 00 63 .a.n.d.o .\.M.i.c [0020] 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 49 .r.o.s.o .f.t.\.I [0030] 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 .n.t.e.r .n.e.t. [0040] 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 .E.x.p.l .o.r.e.r [0050] 00 5C 00 51 00 75 00 69 00 63 00 6B 00 20 00 4C .\.Q.u.i .c.k. .L [0060] 00 61 00 75 00 6E 00 63 00 68 00 5C 00 55 00 73 .a.u.n.c .h.\.U.s [0070] 00 65 00 72 00 20 00 50 00 69 00 6E 00 6E 00 65 .e.r. .P .i.n.n.e [0080] 00 64 00 5C 00 54 00 61 00 73 00 6B 00 42 00 61 .d.\.T.a .s.k.B.a [0090] 00 72 00 5C 00 2A 00 00 00 .r.\.*.. . 
[2011/10/11 16:43:35.319030, 3] smbd/process.c:1466(switch_message) switch message SMBtrans2 (pid 8659) conn 0x7fc9b0a47c40 [2011/10/11 16:43:35.319079, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 1002) - sec_ctx_stack_ndx = 0 [2011/10/11 16:43:35.319124, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-101699 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-101013 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 4]: S-1-5-21-2969752157-892696647-4271518216-21007 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-1002 SID[ 10]: S-1-22-2-1002 SID[ 11]: S-1-22-2-10001 SID[ 12]: S-1-22-2-10003 Privileges (0x FF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Rights (0x 0): [2011/10/11 16:43:35.319575, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 1002 and contains 4 supplementary groups Group[ 0]: 1002 Group[ 1]: 0 Group[ 2]: 10001 Group[ 3]: 10003 [2011/10/11 16:43:35.319709, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,1002) [2011/10/11 16:43:35.319761, 3] smbd/trans2.c:2290(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/10/11 16:43:35.319814, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/*" [2011/10/11 16:43:35.319861, 10] smbd/statcache.c:241(stat_cache_lookup) stat_cache_lookup: lookup failed for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK 
LAUNCH/USER PINNED/TASKBAR/*] [2011/10/11 16:43:35.319906, 10] smbd/statcache.c:280(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [ANDO/MICROSOFT/INTERNET EXPLORER/QUICK LAUNCH/USER PINNED/TASKBAR] -> [ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar] [2011/10/11 16:43:35.319955, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, start = * [2011/10/11 16:43:35.320006, 5] smbd/filename.c:184(check_parent_exists) check_parent_exists: name = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/*, dirpath = ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, start = * [2011/10/11 16:43:35.320050, 10] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2011/10/11 16:43:35.320091, 10] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? [2011/10/11 16:43:35.320133, 5] smbd/filename.c:609(unix_convert) Wildcard * [2011/10/11 16:43:35.320176, 5] smbd/trans2.c:2375(call_trans2findfirst) dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, mask = * [2011/10/11 16:43:35.320223, 5] smbd/dir.c:435(dptr_create) dptr_create dir=ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar [2011/10/11 16:43:35.320293, 3] smbd/dir.c:560(dptr_create) creating new dirptr 256 for path ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar, expect_close = 1 [2011/10/11 16:43:35.320337, 4] smbd/trans2.c:2443(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2011/10/11 16:43:35.320379, 8] smbd/trans2.c:2452(call_trans2findfirst) dirpath= dontdescend=<> [2011/10/11 16:43:35.320428, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 0 [2011/10/11 16:43:35.320482, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/. [2011/10/11 16:43:35.320525, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.320568, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/. [2011/10/11 16:43:35.320610, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.320650, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.320702, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:33 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.320767, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf644, type= 0x0, gen_id = 1067, uid = 0, flags = 0, file_id 803:404090:0, name_hash = 0x57ae7988 [2011/10/11 16:43:35.320815, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/. fname=. (.) [2011/10/11 16:43:35.320865, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2011/10/11 16:43:35.320907, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.320953, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2147483648 [2011/10/11 16:43:35.321004, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/.. [2011/10/11 16:43:35.321045, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2011/10/11 16:43:35.321087, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/.. 
[2011/10/11 16:43:35.321128, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.321169, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2011/10/11 16:43:35.321216, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 14:55:45 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.321279, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100081, mid = 0xc1e5, type= 0x0, gen_id = 1056, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.321335, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x81, mid = 0xf4c4, type= 0x40, gen_id = 1063, uid = 0, flags = 0, file_id 803:40408f:0, name_hash = 0x88599df8 [2011/10/11 16:43:35.321410, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/.. fname=.. (..) 
[2011/10/11 16:43:35.321457, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16288 [2011/10/11 16:43:35.321498, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.321600, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 56 [2011/10/11 16:43:35.321648, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk [2011/10/11 16:43:35.321691, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.321733, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk [2011/10/11 16:43:35.321775, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.321816, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.321862, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:54:23 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.321927, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xeb25, type= 0x3, gen_id = 890, uid = 0, flags = 0, file_id 803:404091:0, name_hash = 0x4f91c64 [2011/10/11 16:43:35.321975, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player.lnk fname=Windows Media Player.lnk (Windows Media Player.lnk) [2011/10/11 16:43:35.322022, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16188 [2011/10/11 16:43:35.322063, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO 
[2011/10/11 16:43:35.322109, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player.lnk -> 2CCE5E67 -> WCFK0H~3.LNK (cache=1) [2011/10/11 16:43:35.322164, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 76 [2011/10/11 16:43:35.322211, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:35.322253, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.322295, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini [2011/10/11 16:43:35.322337, 8] lib/util.c:1338(is_in_path) is_in_path: match succeeded [2011/10/11 16:43:35.322378, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning h [2011/10/11 16:43:35.322426, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Oct 11 16:43:34 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 2 [2011/10/11 16:43:35.322491, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x2019f, mid = 0x6765, type= 0x3, gen_id = 989, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:35.322548, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[1]: UNUSED pid = 8659, share_access = 0x7, private_options = 0x0, access_mask = 0x100180, mid = 0x6b25, type= 0x40, gen_id = 995, uid = 0, flags = 0, file_id 803:404092:0, name_hash = 0x7cf1a00a [2011/10/11 16:43:35.322597, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/desktop.ini fname=desktop.ini (desktop.ini) [2011/10/11 16:43:35.322643, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16044 
[2011/10/11 16:43:35.322685, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.322738, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 104 [2011/10/11 16:43:35.322805, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk [2011/10/11 16:43:35.322849, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.322891, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk [2011/10/11 16:43:35.322932, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.322973, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.323020, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.323084, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc125, type= 0x3, gen_id = 862, uid = 0, flags = 0, file_id 803:404093:0, name_hash = 0x9b9fa079 [2011/10/11 16:43:35.323132, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager.lnk fname=Server Manager.lnk (Server Manager.lnk) [2011/10/11 16:43:35.323180, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15928 [2011/10/11 16:43:35.323221, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.323265, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager.lnk -> 13344361 -> S5BTP4~1.LNK (cache=1) 
[2011/10/11 16:43:35.323320, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 136 [2011/10/11 16:43:35.323368, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk [2011/10/11 16:43:35.323411, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.323452, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk [2011/10/11 16:43:35.323495, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.323535, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.323582, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.323647, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2425, type= 0x3, gen_id = 928, uid = 0, flags = 0, file_id 803:40414d:0, name_hash = 0x9f67f8f5 [2011/10/11 16:43:35.323695, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell.lnk fname=Windows PowerShell.lnk (Windows PowerShell.lnk) [2011/10/11 16:43:35.323743, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15796 [2011/10/11 16:43:35.323784, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.323828, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell.lnk -> 00B4857B -> W071KL~7.LNK (cache=1) [2011/10/11 16:43:35.323883, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now 
at offset 172 [2011/10/11 16:43:35.323931, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk [2011/10/11 16:43:35.323974, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.324030, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk [2011/10/11 16:43:35.324073, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.324114, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.324161, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.324225, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd1a5, type= 0x3, gen_id = 873, uid = 0, flags = 0, file_id 803:40414e:0, name_hash = 0x5c441919 [2011/10/11 16:43:35.324273, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (2).lnk fname=Windows Media Player (2).lnk (Windows Media Player (2).lnk) [2011/10/11 16:43:35.324321, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15656 [2011/10/11 16:43:35.324363, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.324407, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (2).lnk -> 7208CA8C -> WVN226~K.LNK (cache=1) [2011/10/11 16:43:35.324462, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 208 [2011/10/11 16:43:35.324509, 8] smbd/dosmode.c:621(dos_mode) 
dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk [2011/10/11 16:43:35.324552, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.324594, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk [2011/10/11 16:43:35.324636, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.324677, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.324724, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.324788, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe0a5, type= 0x3, gen_id = 883, uid = 0, flags = 0, file_id 803:40414f:0, name_hash = 0xcb4d0649 [2011/10/11 16:43:35.324836, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (3).lnk fname=Windows Media Player (3).lnk (Windows Media Player (3).lnk) [2011/10/11 16:43:35.324884, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15504 [2011/10/11 16:43:35.324925, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.324969, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (3).lnk -> 7108C93B -> WVD2GJ~F.LNK (cache=1) [2011/10/11 16:43:35.325023, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 244 [2011/10/11 16:43:35.325071, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows 
Media Player (4).lnk [2011/10/11 16:43:35.325114, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.325156, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk [2011/10/11 16:43:35.325212, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.325252, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.325299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.325363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe225, type= 0x3, gen_id = 884, uid = 0, flags = 0, file_id 803:404150:0, name_hash = 0x1600bed3 [2011/10/11 16:43:35.325427, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (4).lnk fname=Windows Media Player (4).lnk (Windows Media Player (4).lnk) [2011/10/11 16:43:35.325474, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15352 [2011/10/11 16:43:35.325515, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.325559, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (4).lnk -> 6C08C11A -> WTZ4G0~Q.LNK (cache=1) [2011/10/11 16:43:35.325613, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 280 [2011/10/11 16:43:35.325660, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk [2011/10/11 16:43:35.325704, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.325745, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk [2011/10/11 16:43:35.325787, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.325827, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.325874, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.325938, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe3a5, type= 0x3, gen_id = 885, uid = 0, flags = 0, file_id 803:404151:0, name_hash = 0xda477db6 [2011/10/11 16:43:35.325986, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (5).lnk fname=Windows Media Player (5).lnk (Windows Media Player (5).lnk) [2011/10/11 16:43:35.326033, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15200 [2011/10/11 16:43:35.326074, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.326117, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (5).lnk -> 6B08BF89 -> WTP4UB~T.LNK (cache=1) [2011/10/11 16:43:35.326171, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 316 [2011/10/11 16:43:35.326219, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk [2011/10/11 16:43:35.326262, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 
16:43:35.326303, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk [2011/10/11 16:43:35.326345, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.326385, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.326432, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.326510, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe525, type= 0x3, gen_id = 886, uid = 0, flags = 0, file_id 803:404193:0, name_hash = 0xd6ad59 [2011/10/11 16:43:35.326558, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (6).lnk fname=Windows Media Player (6).lnk (Windows Media Player (6).lnk) [2011/10/11 16:43:35.326606, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 15048 [2011/10/11 16:43:35.326647, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.326690, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (6).lnk -> 6E08C470 -> WUJ3NG~0.LNK (cache=1) [2011/10/11 16:43:35.326744, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 352 [2011/10/11 16:43:35.326792, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk [2011/10/11 16:43:35.326835, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.326876, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk [2011/10/11 16:43:35.326919, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.326959, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.327006, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.327070, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe6a5, type= 0x3, gen_id = 887, uid = 0, flags = 0, file_id 803:404194:0, name_hash = 0xb20659e5 [2011/10/11 16:43:35.327118, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (7).lnk fname=Windows Media Player (7).lnk (Windows Media Player (7).lnk) [2011/10/11 16:43:35.327165, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14896 [2011/10/11 16:43:35.327206, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.327250, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (7).lnk -> 6D08C2EF -> WU941R~J.LNK (cache=1) [2011/10/11 16:43:35.327304, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 388 [2011/10/11 16:43:35.327352, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk [2011/10/11 16:43:35.327395, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.327436, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk [2011/10/11 
16:43:35.327479, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.327519, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.327565, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.327629, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe825, type= 0x3, gen_id = 888, uid = 0, flags = 0, file_id 803:404195:0, name_hash = 0x637f42d4 [2011/10/11 16:43:35.327691, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (8).lnk fname=Windows Media Player (8).lnk (Windows Media Player (8).lnk) [2011/10/11 16:43:35.327739, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14744 [2011/10/11 16:43:35.327780, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.327823, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (8).lnk -> 7808D43E -> WXAZOE~6.LNK (cache=1) [2011/10/11 16:43:35.327878, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 424 [2011/10/11 16:43:35.327925, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk [2011/10/11 16:43:35.327968, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.328010, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk [2011/10/11 16:43:35.328052, 8] lib/util.c:1343(is_in_path) is_in_path: match not found 
[2011/10/11 16:43:35.328093, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.328139, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.328203, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xe9a5, type= 0x3, gen_id = 889, uid = 0, flags = 0, file_id 803:404196:0, name_hash = 0x870d6369 [2011/10/11 16:43:35.328251, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (9).lnk fname=Windows Media Player (9).lnk (Windows Media Player (9).lnk) [2011/10/11 16:43:35.328298, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14592 [2011/10/11 16:43:35.328339, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.328383, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (9).lnk -> 7708D2AD -> WX102P~9.LNK (cache=1) [2011/10/11 16:43:35.328438, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 464 [2011/10/11 16:43:35.328485, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk [2011/10/11 16:43:35.328529, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.328570, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk [2011/10/11 16:43:35.328613, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.328653, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning 
[2011/10/11 16:43:35.328700, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Wed Jan 26 16:00:49 2011 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.328765, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc2a5, type= 0x3, gen_id = 863, uid = 0, flags = 0, file_id 803:404198:0, name_hash = 0x11c1dbe2 [2011/10/11 16:43:35.328826, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (10).lnk fname=Windows Media Player (10).lnk (Windows Media Player (10).lnk) [2011/10/11 16:43:35.328874, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14440 [2011/10/11 16:43:35.328916, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.328961, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (10).lnk -> 26CF797D -> WARO03~H.LNK (cache=1) [2011/10/11 16:43:35.329016, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 504 [2011/10/11 16:43:35.329063, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk [2011/10/11 16:43:35.329107, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.329149, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk [2011/10/11 16:43:35.329191, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.329232, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.329279, 10] locking/locking.c:666(parse_share_modes) 
parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.329343, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc425, type= 0x3, gen_id = 864, uid = 0, flags = 0, file_id 803:40423b:0, name_hash = 0x89c84cf5 [2011/10/11 16:43:35.329407, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (11).lnk fname=Windows Media Player (11).lnk (Windows Media Player (11).lnk) [2011/10/11 16:43:35.329455, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14288 [2011/10/11 16:43:35.329496, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.329540, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (11).lnk -> 27CF7ACE -> WB1NLQ~M.LNK (cache=1) [2011/10/11 16:43:35.329595, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 544 [2011/10/11 16:43:35.329643, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk [2011/10/11 16:43:35.329686, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.329728, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk [2011/10/11 16:43:35.329770, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.329811, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.329858, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 
01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.329922, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc5a5, type= 0x3, gen_id = 865, uid = 0, flags = 0, file_id 803:7f4001:0, name_hash = 0x43e2f1ad [2011/10/11 16:43:35.329970, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (12).lnk fname=Windows Media Player (12).lnk (Windows Media Player (12).lnk) [2011/10/11 16:43:35.330031, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 14136 [2011/10/11 16:43:35.330073, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.330117, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (12).lnk -> 28CF7C53 -> WBBN7F~7.LNK (cache=1) [2011/10/11 16:43:35.330172, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 584 [2011/10/11 16:43:35.330219, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk [2011/10/11 16:43:35.330262, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.330304, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk [2011/10/11 16:43:35.330346, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.330387, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.330433, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.330497, 
10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc725, type= 0x3, gen_id = 866, uid = 0, flags = 0, file_id 803:40423c:0, name_hash = 0x5d7313b0 [2011/10/11 16:43:35.330545, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (13).lnk fname=Windows Media Player (13).lnk (Windows Media Player (13).lnk) [2011/10/11 16:43:35.330593, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13984 [2011/10/11 16:43:35.330634, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.330678, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (13).lnk -> 29CF7E24 -> WBLMT5~W.LNK (cache=1) [2011/10/11 16:43:35.330732, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 624 [2011/10/11 16:43:35.330780, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk [2011/10/11 16:43:35.330823, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.330865, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk [2011/10/11 16:43:35.330907, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.330947, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.330994, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.331058, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: 
share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc8a5, type= 0x3, gen_id = 867, uid = 0, flags = 0, file_id 803:7f4002:0, name_hash = 0xdcc7e4e [2011/10/11 16:43:35.331106, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (14).lnk fname=Windows Media Player (14).lnk (Windows Media Player (14).lnk) [2011/10/11 16:43:35.331167, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13832 [2011/10/11 16:43:35.331209, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.331355, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (14).lnk -> 22CF7321 -> W9NPLB~5.LNK (cache=1) [2011/10/11 16:43:35.331411, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 664 [2011/10/11 16:43:35.331460, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk [2011/10/11 16:43:35.331503, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.331545, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk [2011/10/11 16:43:35.331588, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.331629, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.331676, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.331741, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, 
access_mask = 0x20089, mid = 0xca25, type= 0x3, gen_id = 868, uid = 0, flags = 0, file_id 803:40423d:0, name_hash = 0x4d5a871 [2011/10/11 16:43:35.331789, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (15).lnk fname=Windows Media Player (15).lnk (Windows Media Player (15).lnk) [2011/10/11 16:43:35.331837, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13680 [2011/10/11 16:43:35.331879, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.331922, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (15).lnk -> 23CF74B2 -> W9XP70~2.LNK (cache=1) [2011/10/11 16:43:35.331977, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 696 [2011/10/11 16:43:35.332025, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk [2011/10/11 16:43:35.332068, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.332109, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk [2011/10/11 16:43:35.332152, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.332192, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.332239, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.332303, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x98a5, type= 0x3, gen_id = 835, uid = 0, flags = 0, file_id 
803:7fc001:0, name_hash = 0xf9e368f6 [2011/10/11 16:43:35.332352, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (2).lnk fname=Server Manager (2).lnk (Server Manager (2).lnk) [2011/10/11 16:43:35.332399, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13528 [2011/10/11 16:43:35.332440, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.332499, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (2).lnk -> 487FE49A -> SK46EU~2.LNK (cache=1) [2011/10/11 16:43:35.332554, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 732 [2011/10/11 16:43:35.332601, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk [2011/10/11 16:43:35.332644, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.332686, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk [2011/10/11 16:43:35.332728, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.332769, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.332816, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.332880, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfba5, type= 0x3, gen_id = 901, uid = 0, flags = 0, file_id 803:7fc002:0, name_hash = 0x27ba6a31 [2011/10/11 16:43:35.332928, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) 
smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (2).lnk fname=Windows PowerShell (2).lnk (Windows PowerShell (2).lnk) [2011/10/11 16:43:35.332976, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13388 [2011/10/11 16:43:35.333017, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.333061, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (2).lnk -> 5F86C300 -> WQI6PZ~4.LNK (cache=1) [2011/10/11 16:43:35.333115, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 764 [2011/10/11 16:43:35.333163, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk [2011/10/11 16:43:35.333206, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.333247, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (3).lnk [2011/10/11 16:43:35.333289, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.333330, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.333396, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.333462, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa925, type= 0x3, gen_id = 846, uid = 0, flags = 0, file_id 803:404197:0, name_hash = 0x48d9fcc4 [2011/10/11 16:43:35.333510, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (3).lnk fname=Server Manager (3).lnk (Server Manager (3).lnk) [2011/10/11 16:43:35.333557, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13240 [2011/10/11 16:43:35.333599, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.333643, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (3).lnk -> 477FE309 -> SJU6T5~5.LNK (cache=1) [2011/10/11 16:43:35.333697, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 800 [2011/10/11 16:43:35.333759, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk [2011/10/11 16:43:35.333802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.333843, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk [2011/10/11 16:43:35.333886, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.333927, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.333974, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.334038, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xc25, type= 0x3, gen_id = 912, uid = 0, flags = 0, file_id 803:40423f:0, name_hash = 0xb96b9eb8 [2011/10/11 16:43:35.334086, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (3).lnk fname=Windows PowerShell (3).lnk (Windows PowerShell (3).lnk) 
[2011/10/11 16:43:35.334133, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 13100 [2011/10/11 16:43:35.334174, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.334218, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (3).lnk -> 5E86C1BF -> WQ874C~F.LNK (cache=1) [2011/10/11 16:43:35.334272, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 832 [2011/10/11 16:43:35.334320, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk [2011/10/11 16:43:35.334362, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.334404, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk [2011/10/11 16:43:35.334446, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.334486, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.334533, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.334598, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb825, type= 0x3, gen_id = 856, uid = 0, flags = 0, file_id 803:404240:0, name_hash = 0x15b5ae60 [2011/10/11 16:43:35.334646, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (4).lnk fname=Server Manager (4).lnk (Server Manager (4).lnk) [2011/10/11 16:43:35.334693, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
space_remaining = 12952 [2011/10/11 16:43:35.334734, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.334778, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (4).lnk -> 4E7FEE0C -> SLS40Z~W.LNK (cache=1) [2011/10/11 16:43:35.334832, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 868 [2011/10/11 16:43:35.334880, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk [2011/10/11 16:43:35.334938, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.334981, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk [2011/10/11 16:43:35.335023, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.335063, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.335110, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.335174, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1b25, type= 0x3, gen_id = 922, uid = 0, flags = 0, file_id 803:404241:0, name_hash = 0x84281113 [2011/10/11 16:43:35.335223, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (4).lnk fname=Windows PowerShell (4).lnk (Windows PowerShell (4).lnk) [2011/10/11 16:43:35.335270, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12812 [2011/10/11 16:43:35.335311, 10] 
smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.335354, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (4).lnk -> 6186C666 -> WR25XE~U.LNK (cache=1) [2011/10/11 16:43:35.335408, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 900 [2011/10/11 16:43:35.335456, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk [2011/10/11 16:43:35.335498, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.335540, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk [2011/10/11 16:43:35.335582, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.335623, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.335669, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.335734, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb9a5, type= 0x3, gen_id = 857, uid = 0, flags = 0, file_id 803:7fc003:0, name_hash = 0x9cca7c91 [2011/10/11 16:43:35.335781, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (5).lnk fname=Server Manager (5).lnk (Server Manager (5).lnk) [2011/10/11 16:43:35.335905, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12664 [2011/10/11 16:43:35.335946, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 
16:43:35.335991, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (5).lnk -> 4D7FECBB -> SLI4FC~R.LNK (cache=1) [2011/10/11 16:43:35.336046, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 936 [2011/10/11 16:43:35.336093, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk [2011/10/11 16:43:35.336136, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.336177, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk [2011/10/11 16:43:35.336234, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.336276, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.336323, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.336387, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1ca5, type= 0x3, gen_id = 923, uid = 0, flags = 0, file_id 803:7fc004:0, name_hash = 0x7826fa75 [2011/10/11 16:43:35.336436, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (5).lnk fname=Windows PowerShell (5).lnk (Windows PowerShell (5).lnk) [2011/10/11 16:43:35.336483, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12524 [2011/10/11 16:43:35.336524, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.336567, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows 
PowerShell (5).lnk -> 6086C495 -> WQS6BO~5.LNK (cache=1) [2011/10/11 16:43:35.336622, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 968 [2011/10/11 16:43:35.336669, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk [2011/10/11 16:43:35.336712, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.336753, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk [2011/10/11 16:43:35.336795, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.336836, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.336883, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.336946, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbb25, type= 0x3, gen_id = 858, uid = 0, flags = 0, file_id 803:404242:0, name_hash = 0x2402eac4 [2011/10/11 16:43:35.336994, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (6).lnk fname=Server Manager (6).lnk (Server Manager (6).lnk) [2011/10/11 16:43:35.337042, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12376 [2011/10/11 16:43:35.337083, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.337127, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (6).lnk -> 4C7FEAD6 -> SL84TL~I.LNK (cache=1) [2011/10/11 16:43:35.337182, 6] 
smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1004 [2011/10/11 16:43:35.337229, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk [2011/10/11 16:43:35.337272, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.337313, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk [2011/10/11 16:43:35.337356, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.337414, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.337461, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.337540, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1e25, type= 0x3, gen_id = 924, uid = 0, flags = 0, file_id 803:7fc005:0, name_hash = 0x8091b7af [2011/10/11 16:43:35.337588, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (6).lnk fname=Windows PowerShell (6).lnk (Windows PowerShell (6).lnk) [2011/10/11 16:43:35.337635, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12236 [2011/10/11 16:43:35.337676, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.337721, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (6).lnk -> 6386C95C -> WRM54R~G.LNK (cache=1) [2011/10/11 16:43:35.337775, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at 
offset 1044 [2011/10/11 16:43:35.337823, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk [2011/10/11 16:43:35.337866, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.337908, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk [2011/10/11 16:43:35.337950, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.337990, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.338037, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.338101, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcba5, type= 0x3, gen_id = 869, uid = 0, flags = 0, file_id 803:7fc006:0, name_hash = 0x102d4b9f [2011/10/11 16:43:35.338149, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (16).lnk fname=Windows Media Player (16).lnk (Windows Media Player (16).lnk) [2011/10/11 16:43:35.338196, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 12088 [2011/10/11 16:43:35.338238, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.338282, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (16).lnk -> 24CF7607 -> WA7OSN~B.LNK (cache=1) [2011/10/11 16:43:35.338336, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1084 [2011/10/11 16:43:35.338384, 8] smbd/dosmode.c:621(dos_mode) 
dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk [2011/10/11 16:43:35.338427, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.338468, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk [2011/10/11 16:43:35.338511, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.338551, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.338598, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.338676, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcd25, type= 0x3, gen_id = 870, uid = 0, flags = 0, file_id 803:7fc007:0, name_hash = 0xf6dae [2011/10/11 16:43:35.338725, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (17).lnk fname=Windows Media Player (17).lnk (Windows Media Player (17).lnk) [2011/10/11 16:43:35.338772, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11936 [2011/10/11 16:43:35.338814, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.338858, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (17).lnk -> 25CF77E8 -> WAHOEE~G.LNK (cache=1) [2011/10/11 16:43:35.338912, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1124 [2011/10/11 16:43:35.338959, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Windows Media Player (18).lnk [2011/10/11 16:43:35.339002, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.339044, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk [2011/10/11 16:43:35.339086, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.339127, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.339174, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.339238, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xcea5, type= 0x3, gen_id = 871, uid = 0, flags = 0, file_id 803:7fc008:0, name_hash = 0x866cf060 [2011/10/11 16:43:35.339285, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (18).lnk fname=Windows Media Player (18).lnk (Windows Media Player (18).lnk) [2011/10/11 16:43:35.339332, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11784 [2011/10/11 16:43:35.339374, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.339418, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (18).lnk -> 1ECF6C95 -> W8JR6H~H.LNK (cache=1) [2011/10/11 16:43:35.339472, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1156 [2011/10/11 16:43:35.339519, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk [2011/10/11 16:43:35.339562, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.339603, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk [2011/10/11 16:43:35.339646, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.339686, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.339733, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.339796, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbca5, type= 0x3, gen_id = 859, uid = 0, flags = 0, file_id 803:7fc009:0, name_hash = 0xff899459 [2011/10/11 16:43:35.339858, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (7).lnk fname=Server Manager (7).lnk (Server Manager (7).lnk) [2011/10/11 16:43:35.339906, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11632 [2011/10/11 16:43:35.339947, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.339991, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (7).lnk -> 4B7FE945 -> SKY57W~L.LNK (cache=1) [2011/10/11 16:43:35.340045, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1192 [2011/10/11 16:43:35.340092, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk [2011/10/11 16:43:35.340136, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.340177, 8] 
lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk [2011/10/11 16:43:35.340220, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.340260, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.340386, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.340451, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1fa5, type= 0x3, gen_id = 925, uid = 0, flags = 0, file_id 803:7fc00a:0, name_hash = 0x3f262b16 [2011/10/11 16:43:35.340500, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (7).lnk fname=Windows PowerShell (7).lnk (Windows PowerShell (7).lnk) [2011/10/11 16:43:35.340548, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11492 [2011/10/11 16:43:35.340589, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.340633, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (7).lnk -> 6286C7CB -> WRC5J2~J.LNK (cache=1) [2011/10/11 16:43:35.340688, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1224 [2011/10/11 16:43:35.340736, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk [2011/10/11 16:43:35.340778, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.340820, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Server Manager (8).lnk [2011/10/11 16:43:35.340862, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.340903, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.340950, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.341014, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbe25, type= 0x3, gen_id = 860, uid = 0, flags = 0, file_id 803:7fc00b:0, name_hash = 0x5de48b12 [2011/10/11 16:43:35.341061, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (8).lnk fname=Server Manager (8).lnk (Server Manager (8).lnk) [2011/10/11 16:43:35.341123, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11344 [2011/10/11 16:43:35.341165, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.341209, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (8).lnk -> 527FF458 -> SMW2FR~S.LNK (cache=1) [2011/10/11 16:43:35.341264, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1260 [2011/10/11 16:43:35.341311, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk [2011/10/11 16:43:35.341355, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.341412, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk [2011/10/11 16:43:35.341455, 8] lib/util.c:1343(is_in_path) is_in_path: 
match not found [2011/10/11 16:43:35.341496, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.341543, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.341607, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2125, type= 0x3, gen_id = 926, uid = 0, flags = 0, file_id 803:7fc00c:0, name_hash = 0x98a24f7d [2011/10/11 16:43:35.341656, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (8).lnk fname=Windows PowerShell (8).lnk (Windows PowerShell (8).lnk) [2011/10/11 16:43:35.341703, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11204 [2011/10/11 16:43:35.341744, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.341788, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (8).lnk -> 6586CCB2 -> WS64C6~Q.LNK (cache=1) [2011/10/11 16:43:35.341843, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1292 [2011/10/11 16:43:35.341890, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk [2011/10/11 16:43:35.341933, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.341975, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk [2011/10/11 16:43:35.342017, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.342058, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning 
[2011/10/11 16:43:35.342105, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.342223, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xbfa5, type= 0x3, gen_id = 861, uid = 0, flags = 0, file_id 803:404243:0, name_hash = 0xa4a66cc6 [2011/10/11 16:43:35.342272, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (9).lnk fname=Server Manager (9).lnk (Server Manager (9).lnk) [2011/10/11 16:43:35.342320, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 11056 [2011/10/11 16:43:35.342375, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.342420, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (9).lnk -> 517FF2F7 -> SMM2U4~7.LNK (cache=1) [2011/10/11 16:43:35.342475, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1328 [2011/10/11 16:43:35.342522, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk [2011/10/11 16:43:35.342566, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.342607, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk [2011/10/11 16:43:35.342649, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.342690, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.342736, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 
07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.342800, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x22a5, type= 0x3, gen_id = 927, uid = 0, flags = 0, file_id 803:404244:0, name_hash = 0x7d36e96 [2011/10/11 16:43:35.342848, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (9).lnk fname=Windows PowerShell (9).lnk (Windows PowerShell (9).lnk) [2011/10/11 16:43:35.342896, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10916 [2011/10/11 16:43:35.342937, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.342980, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (9).lnk -> 6486CB21 -> WRW4QH~T.LNK (cache=1) [2011/10/11 16:43:35.343035, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1360 [2011/10/11 16:43:35.343083, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk [2011/10/11 16:43:35.343125, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.343167, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk [2011/10/11 16:43:35.343209, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.343249, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.343296, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 
16:43:35.343360, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x89a5, type= 0x3, gen_id = 825, uid = 0, flags = 0, file_id 803:404245:0, name_hash = 0x7b08bb42 [2011/10/11 16:43:35.343407, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (10).lnk fname=Server Manager (10).lnk (Server Manager (10).lnk) [2011/10/11 16:43:35.343455, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10768 [2011/10/11 16:43:35.343496, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.343540, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (10).lnk -> 2A57CBEB -> SBQY9R~F.LNK (cache=1) [2011/10/11 16:43:35.343608, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1396 [2011/10/11 16:43:35.343656, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk [2011/10/11 16:43:35.343700, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.343741, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk [2011/10/11 16:43:35.343783, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.343824, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.343871, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.343935, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: 
pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xeca5, type= 0x3, gen_id = 891, uid = 0, flags = 0, file_id 803:404246:0, name_hash = 0xda94ec4b [2011/10/11 16:43:35.343983, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (10).lnk fname=Windows PowerShell (10).lnk (Windows PowerShell (10).lnk) [2011/10/11 16:43:35.344031, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10628 [2011/10/11 16:43:35.344126, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.344170, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (10).lnk -> 681D7EE9 -> WSVZ7C~9.LNK (cache=1) [2011/10/11 16:43:35.344225, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1428 [2011/10/11 16:43:35.344273, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk [2011/10/11 16:43:35.344316, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.344358, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk [2011/10/11 16:43:35.344400, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.344440, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.344487, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.344551, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8b25, 
type= 0x3, gen_id = 826, uid = 0, flags = 0, file_id 803:404247:0, name_hash = 0x5ac4287d [2011/10/11 16:43:35.344598, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (11).lnk fname=Server Manager (11).lnk (Server Manager (11).lnk) [2011/10/11 16:43:35.344646, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10480 [2011/10/11 16:43:35.344687, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.344731, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (11).lnk -> 2B57CD7C -> SC0XVG~C.LNK (cache=1) [2011/10/11 16:43:35.344785, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1464 [2011/10/11 16:43:35.344832, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk [2011/10/11 16:43:35.344890, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.344932, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk [2011/10/11 16:43:35.344974, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.345014, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.345061, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.345125, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xee25, type= 0x3, gen_id = 892, uid = 0, flags = 0, file_id 803:404248:0, name_hash = 0x3d226c78 [2011/10/11 
16:43:35.345173, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (11).lnk fname=Windows PowerShell (11).lnk (Windows PowerShell (11).lnk) [2011/10/11 16:43:35.345220, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10340 [2011/10/11 16:43:35.345261, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.345305, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (11).lnk -> 691D807A -> WT5YT1~6.LNK (cache=1) [2011/10/11 16:43:35.345359, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1496 [2011/10/11 16:43:35.345423, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk [2011/10/11 16:43:35.345466, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.345507, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk [2011/10/11 16:43:35.345550, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.345590, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.345637, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.345701, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8ca5, type= 0x3, gen_id = 827, uid = 0, flags = 0, file_id 803:7fc00d:0, name_hash = 0x88feaa0a [2011/10/11 16:43:35.345749, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (12).lnk fname=Server Manager (12).lnk (Server Manager (12).lnk) [2011/10/11 16:43:35.345796, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10192 [2011/10/11 16:43:35.345837, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.345881, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (12).lnk -> 2857C8B5 -> SB6Z2D~1.LNK (cache=1) [2011/10/11 16:43:35.345936, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1532 [2011/10/11 16:43:35.345983, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk [2011/10/11 16:43:35.346027, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.346082, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk [2011/10/11 16:43:35.346126, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.346166, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.346213, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.346277, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xefa5, type= 0x3, gen_id = 893, uid = 0, flags = 0, file_id 803:7fc00e:0, name_hash = 0x40bbbb11 [2011/10/11 16:43:35.346325, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (12).lnk 
fname=Windows PowerShell (12).lnk (Windows PowerShell (12).lnk) [2011/10/11 16:43:35.346372, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 10052 [2011/10/11 16:43:35.346413, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.346457, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (12).lnk -> 6A1D81CF -> WTFYEO~F.LNK (cache=1) [2011/10/11 16:43:35.346512, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1564 [2011/10/11 16:43:35.346560, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk [2011/10/11 16:43:35.346602, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.346644, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk [2011/10/11 16:43:35.346686, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.346727, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.346774, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.346837, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8e25, type= 0x3, gen_id = 828, uid = 0, flags = 0, file_id 803:404249:0, name_hash = 0x4aff2134 [2011/10/11 16:43:35.346885, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (13).lnk fname=Server Manager (13).lnk (Server Manager (13).lnk) [2011/10/11 16:43:35.346932, 10] 
smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9904 [2011/10/11 16:43:35.346973, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.347017, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (13).lnk -> 2957CA06 -> SBGYO0~6.LNK (cache=1) [2011/10/11 16:43:35.347071, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1600 [2011/10/11 16:43:35.347119, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk [2011/10/11 16:43:35.347162, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.347203, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk [2011/10/11 16:43:35.347246, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.347300, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.347347, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.347412, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf125, type= 0x3, gen_id = 894, uid = 0, flags = 0, file_id 803:40424a:0, name_hash = 0xfff71e78 [2011/10/11 16:43:35.347460, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (13).lnk fname=Windows PowerShell (13).lnk (Windows PowerShell (13).lnk) [2011/10/11 16:43:35.347507, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9764 
[2011/10/11 16:43:35.347548, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.347592, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (13).lnk -> 6B1D8350 -> WTPY0C~W.LNK (cache=1) [2011/10/11 16:43:35.347646, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1632 [2011/10/11 16:43:35.347693, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk [2011/10/11 16:43:35.347736, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.347777, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk [2011/10/11 16:43:35.347819, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.347859, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.347906, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.347970, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x8fa5, type= 0x3, gen_id = 829, uid = 0, flags = 0, file_id 803:7fc00f:0, name_hash = 0xbb927cc3 [2011/10/11 16:43:35.348018, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (14).lnk fname=Server Manager (14).lnk (Server Manager (14).lnk) [2011/10/11 16:43:35.348065, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9616 [2011/10/11 16:43:35.348106, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.348150, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (14).lnk -> 2657C55F -> SAMZUX~R.LNK (cache=1) [2011/10/11 16:43:35.348204, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1668 [2011/10/11 16:43:35.348252, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk [2011/10/11 16:43:35.348294, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.348336, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk [2011/10/11 16:43:35.348378, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.348418, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.348466, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.348543, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf2a5, type= 0x3, gen_id = 895, uid = 0, flags = 0, file_id 803:7fc010:0, name_hash = 0xf676605e [2011/10/11 16:43:35.348592, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (14).lnk fname=Windows PowerShell (14).lnk (Windows PowerShell (14).lnk) [2011/10/11 16:43:35.348639, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9476 [2011/10/11 16:43:35.348680, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.348724, 10] 
smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (14).lnk -> 6C1D8525 -> WTZXM3~P.LNK (cache=1) [2011/10/11 16:43:35.348779, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1700 [2011/10/11 16:43:35.348826, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk [2011/10/11 16:43:35.348869, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.348910, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk [2011/10/11 16:43:35.349010, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.349051, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.349098, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.349162, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9125, type= 0x3, gen_id = 830, uid = 0, flags = 0, file_id 803:40424b:0, name_hash = 0xeb5bb8c7 [2011/10/11 16:43:35.349210, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (15).lnk fname=Server Manager (15).lnk (Server Manager (15).lnk) [2011/10/11 16:43:35.349258, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9328 [2011/10/11 16:43:35.349299, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.349343, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (15).lnk -> 2757C720 -> 
SAWZGO~0.LNK (cache=1) [2011/10/11 16:43:35.349413, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1736 [2011/10/11 16:43:35.349461, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk [2011/10/11 16:43:35.349504, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.349545, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk [2011/10/11 16:43:35.349588, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.349628, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.349676, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.349739, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf425, type= 0x3, gen_id = 896, uid = 0, flags = 0, file_id 803:40424c:0, name_hash = 0xaf6c0ea7 [2011/10/11 16:43:35.349802, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (15).lnk fname=Windows PowerShell (15).lnk (Windows PowerShell (15).lnk) [2011/10/11 16:43:35.349850, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9188 [2011/10/11 16:43:35.349891, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.349934, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (15).lnk -> 6D1D86B6 -> WU9X7S~M.LNK (cache=1) [2011/10/11 16:43:35.349988, 6] 
smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1768 [2011/10/11 16:43:35.350035, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk [2011/10/11 16:43:35.350078, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.350119, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk [2011/10/11 16:43:35.350162, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.350202, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.350249, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.350312, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x92a5, type= 0x3, gen_id = 831, uid = 0, flags = 0, file_id 803:7fc011:0, name_hash = 0xfb0d3fd3 [2011/10/11 16:43:35.350360, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (16).lnk fname=Server Manager (16).lnk (Server Manager (16).lnk) [2011/10/11 16:43:35.350407, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 9040 [2011/10/11 16:43:35.350448, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.350491, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (16).lnk -> 2457C279 -> SA30NL~L.LNK (cache=1) [2011/10/11 16:43:35.350545, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1804 [2011/10/11 
16:43:35.350592, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk [2011/10/11 16:43:35.350635, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.350677, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk [2011/10/11 16:43:35.350719, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.350759, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.350806, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.350870, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf5a5, type= 0x3, gen_id = 897, uid = 0, flags = 0, file_id 803:7fc012:0, name_hash = 0x52027246 [2011/10/11 16:43:35.350918, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (16).lnk fname=Windows PowerShell (16).lnk (Windows PowerShell (16).lnk) [2011/10/11 16:43:35.350979, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8900 [2011/10/11 16:43:35.351020, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.351064, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (16).lnk -> 6E1D881B -> WUJWTG~B.LNK (cache=1) [2011/10/11 16:43:35.351118, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1836 [2011/10/11 16:43:35.351166, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk [2011/10/11 16:43:35.351209, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.351250, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk [2011/10/11 16:43:35.351293, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.351333, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.351381, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.351444, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9425, type= 0x3, gen_id = 832, uid = 0, flags = 0, file_id 803:40424d:0, name_hash = 0x4bbc30a0 [2011/10/11 16:43:35.351492, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (17).lnk fname=Server Manager (17).lnk (Server Manager (17).lnk) [2011/10/11 16:43:35.351539, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8752 [2011/10/11 16:43:35.351581, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.351624, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (17).lnk -> 2557C3CA -> SAD098~Q.LNK (cache=1) [2011/10/11 16:43:35.351679, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1872 [2011/10/11 16:43:35.351726, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk [2011/10/11 16:43:35.351769, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.351811, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk [2011/10/11 16:43:35.351853, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.351893, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.351940, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.352004, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf725, type= 0x3, gen_id = 898, uid = 0, flags = 0, file_id 803:40424e:0, name_hash = 0xfe77b478 [2011/10/11 16:43:35.352052, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (17).lnk fname=Windows PowerShell (17).lnk (Windows PowerShell (17).lnk) [2011/10/11 16:43:35.352100, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8612 [2011/10/11 16:43:35.352155, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.352199, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (17).lnk -> 6F1D89EC -> WUTWF7~0.LNK (cache=1) [2011/10/11 16:43:35.352252, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1912 [2011/10/11 16:43:35.352300, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk [2011/10/11 16:43:35.352343, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 
16:43:35.352384, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk [2011/10/11 16:43:35.352426, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.352466, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.352513, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.352576, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd025, type= 0x3, gen_id = 872, uid = 0, flags = 0, file_id 803:404073:0, name_hash = 0x4957277 [2011/10/11 16:43:35.352624, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (19).lnk fname=Windows Media Player (19).lnk (Windows Media Player (19).lnk) [2011/10/11 16:43:35.352672, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8464 [2011/10/11 16:43:35.352713, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.352756, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (19).lnk -> 1FCF6E66 -> W8TQS8~6.LNK (cache=1) [2011/10/11 16:43:35.352811, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1952 [2011/10/11 16:43:35.352858, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk [2011/10/11 16:43:35.352901, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.352942, 8] lib/util.c:1319(is_in_path) is_in_path: 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk [2011/10/11 16:43:35.352985, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.353025, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.353071, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.353135, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd325, type= 0x3, gen_id = 874, uid = 0, flags = 0, file_id 803:40430b:0, name_hash = 0xa7d1828b [2011/10/11 16:43:35.353183, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (20).lnk fname=Windows Media Player (20).lnk (Windows Media Player (20).lnk) [2011/10/11 16:43:35.353231, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8312 [2011/10/11 16:43:35.353273, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.353330, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (20).lnk -> 18D6E8A6 -> W6W44O~6.LNK (cache=1) [2011/10/11 16:43:35.353401, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 1992 [2011/10/11 16:43:35.353450, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk [2011/10/11 16:43:35.353494, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.353535, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows 
Media Player (21).lnk [2011/10/11 16:43:35.353578, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.353619, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.353666, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.353730, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd4a5, type= 0x3, gen_id = 875, uid = 0, flags = 0, file_id 803:17ec026:0, name_hash = 0xea1f4d07 [2011/10/11 16:43:35.353778, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (21).lnk fname=Windows Media Player (21).lnk (Windows Media Player (21).lnk) [2011/10/11 16:43:35.353826, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8160 [2011/10/11 16:43:35.353927, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.353972, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (21).lnk -> 17D6E6D5 -> W6M4IX~H.LNK (cache=1) [2011/10/11 16:43:35.354027, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2032 [2011/10/11 16:43:35.354075, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk [2011/10/11 16:43:35.354119, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.354161, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk [2011/10/11 16:43:35.354204, 8] 
lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.354244, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.354292, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.354356, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd625, type= 0x3, gen_id = 876, uid = 0, flags = 0, file_id 803:17ec027:0, name_hash = 0xae558725 [2011/10/11 16:43:35.354405, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (22).lnk fname=Windows Media Player (22).lnk (Windows Media Player (22).lnk) [2011/10/11 16:43:35.354452, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 8008 [2011/10/11 16:43:35.354494, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.354538, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (22).lnk -> 1AD6EB9C -> W7G3C0~S.LNK (cache=1) [2011/10/11 16:43:35.354607, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2072 [2011/10/11 16:43:35.354656, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk [2011/10/11 16:43:35.354699, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.354741, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk [2011/10/11 16:43:35.354784, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 
16:43:35.354825, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.354872, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.354936, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd7a5, type= 0x3, gen_id = 877, uid = 0, flags = 0, file_id 803:17ec028:0, name_hash = 0xbb846bdc [2011/10/11 16:43:35.354984, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (23).lnk fname=Windows Media Player (23).lnk (Windows Media Player (23).lnk) [2011/10/11 16:43:35.355032, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7856 [2011/10/11 16:43:35.355073, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.355117, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (23).lnk -> 19D6EA0B -> W763QB~V.LNK (cache=1) [2011/10/11 16:43:35.355172, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2112 [2011/10/11 16:43:35.355220, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk [2011/10/11 16:43:35.355263, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.355305, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk [2011/10/11 16:43:35.355348, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.355388, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning 
[2011/10/11 16:43:35.355435, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.355499, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xd925, type= 0x3, gen_id = 878, uid = 0, flags = 0, file_id 803:17ec029:0, name_hash = 0xe422ada2 [2011/10/11 16:43:35.355551, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (24).lnk fname=Windows Media Player (24).lnk (Windows Media Player (24).lnk) [2011/10/11 16:43:35.355599, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7704 [2011/10/11 16:43:35.355640, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.355684, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (24).lnk -> 14D6E26A -> W5S5PW~Q.LNK (cache=1) [2011/10/11 16:43:35.355739, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2152 [2011/10/11 16:43:35.355801, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk [2011/10/11 16:43:35.355845, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.355886, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk [2011/10/11 16:43:35.355928, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.355969, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.356015, 10] locking/locking.c:666(parse_share_modes) 
parse_share_modes: owrt: Thu May 26 11:41:37 2011 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.356079, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdaa5, type= 0x3, gen_id = 879, uid = 0, flags = 0, file_id 803:17ec02a:0, name_hash = 0xaa6b67be [2011/10/11 16:43:35.356126, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (25).lnk fname=Windows Media Player (25).lnk (Windows Media Player (25).lnk) [2011/10/11 16:43:35.356174, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7552 [2011/10/11 16:43:35.356215, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.356258, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (25).lnk -> 13D6E099 -> W5I646~1.LNK (cache=1) [2011/10/11 16:43:35.356312, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2192 [2011/10/11 16:43:35.356360, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk [2011/10/11 16:43:35.356403, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.356444, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk [2011/10/11 16:43:35.356486, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.356527, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.356574, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 
01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.356637, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdc25, type= 0x3, gen_id = 880, uid = 0, flags = 0, file_id 803:40430d:0, name_hash = 0x67fd7be7 [2011/10/11 16:43:35.356684, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (26).lnk fname=Windows Media Player (26).lnk (Windows Media Player (26).lnk) [2011/10/11 16:43:35.356731, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7400 [2011/10/11 16:43:35.356773, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.356816, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (26).lnk -> 16D6E540 -> W6C4X8~G.LNK (cache=1) [2011/10/11 16:43:35.356870, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2232 [2011/10/11 16:43:35.356918, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk [2011/10/11 16:43:35.357016, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.357073, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk [2011/10/11 16:43:35.357116, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.357156, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.357204, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.357267, 
10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdda5, type= 0x3, gen_id = 881, uid = 0, flags = 0, file_id 803:40430e:0, name_hash = 0xc32ea297 [2011/10/11 16:43:35.357316, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (27).lnk fname=Windows Media Player (27).lnk (Windows Media Player (27).lnk) [2011/10/11 16:43:35.357364, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7248 [2011/10/11 16:43:35.357465, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.357511, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (27).lnk -> 15D6E3FF -> W625BL~R.LNK (cache=1) [2011/10/11 16:43:35.357567, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2272 [2011/10/11 16:43:35.357615, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk [2011/10/11 16:43:35.357658, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.357700, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk [2011/10/11 16:43:35.357742, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.357783, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.357830, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Fri Jul 30 11:45:49 2010 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.357894, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: 
share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xdf25, type= 0x3, gen_id = 882, uid = 0, flags = 0, file_id 803:40430f:0, name_hash = 0x70108ac4 [2011/10/11 16:43:35.357942, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows Media Player (28).lnk fname=Windows Media Player (28).lnk (Windows Media Player (28).lnk) [2011/10/11 16:43:35.357989, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 7096 [2011/10/11 16:43:35.358031, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.358075, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows Media Player (28).lnk -> 20D6F50E -> W940Y6~M.LNK (cache=1) [2011/10/11 16:43:35.358129, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2304 [2011/10/11 16:43:35.358177, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk [2011/10/11 16:43:35.358220, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.358262, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk [2011/10/11 16:43:35.358319, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.358360, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.358407, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.358471, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x95a5, type= 0x3, gen_id = 833, uid = 0, flags = 0, file_id 803:404310:0, name_hash = 0xff53a764 [2011/10/11 16:43:35.358519, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (18).lnk fname=Server Manager (18).lnk (Server Manager (18).lnk) [2011/10/11 16:43:35.358566, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6944 [2011/10/11 16:43:35.358607, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.358650, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (18).lnk -> 3257D873 -> SDYV3A~R.LNK (cache=1) [2011/10/11 16:43:35.358705, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2340 [2011/10/11 16:43:35.358752, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk [2011/10/11 16:43:35.358795, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.358837, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk [2011/10/11 16:43:35.358879, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.358979, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.359028, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.359092, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf8a5, type= 0x3, gen_id = 899, uid = 0, flags = 0, file_id 803:404311:0, name_hash = 
0xba365da5 [2011/10/11 16:43:35.359140, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (18).lnk fname=Windows PowerShell (18).lnk (Windows PowerShell (18).lnk) [2011/10/11 16:43:35.359187, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6804 [2011/10/11 16:43:35.359229, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.359272, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (18).lnk -> 701D8B71 -> WV3W0V~L.LNK (cache=1) [2011/10/11 16:43:35.359326, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2372 [2011/10/11 16:43:35.359374, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk [2011/10/11 16:43:35.359417, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.359458, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk [2011/10/11 16:43:35.359500, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.359540, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.359601, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.359666, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9725, type= 0x3, gen_id = 834, uid = 0, flags = 0, file_id 803:404312:0, name_hash = 0x2db8bfcd [2011/10/11 16:43:35.359713, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) 
smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (19).lnk fname=Server Manager (19).lnk (Server Manager (19).lnk) [2011/10/11 16:43:35.359761, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6656 [2011/10/11 16:43:35.359802, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.359846, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (19).lnk -> 3357D9C4 -> SE8UOX~W.LNK (cache=1) [2011/10/11 16:43:35.359899, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2408 [2011/10/11 16:43:35.359947, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk [2011/10/11 16:43:35.359990, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.360031, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (19).lnk [2011/10/11 16:43:35.360073, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.360113, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.360160, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.360224, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfa25, type= 0x3, gen_id = 900, uid = 0, flags = 0, file_id 803:404313:0, name_hash = 0xd0f2ea00 [2011/10/11 16:43:35.360272, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User 
Pinned/TaskBar/Windows PowerShell (19).lnk fname=Windows PowerShell (19).lnk (Windows PowerShell (19).lnk) [2011/10/11 16:43:35.360319, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6516 [2011/10/11 16:43:35.360360, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.360403, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (19).lnk -> 711D8CC2 -> WVDVMI~Q.LNK (cache=1) [2011/10/11 16:43:35.360457, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2440 [2011/10/11 16:43:35.360505, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk [2011/10/11 16:43:35.360547, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.360589, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk [2011/10/11 16:43:35.360631, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.360672, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.360718, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.360782, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9a25, type= 0x3, gen_id = 836, uid = 0, flags = 0, file_id 803:404314:0, name_hash = 0xf5cdc8bb [2011/10/11 16:43:35.360850, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (20).lnk fname=Server Manager (20).lnk (Server Manager (20).lnk) 
[2011/10/11 16:43:35.360898, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6368 [2011/10/11 16:43:35.360939, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.360982, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (20).lnk -> 2454BA10 -> SA2WE8~G.LNK (cache=1) [2011/10/11 16:43:35.361037, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2476 [2011/10/11 16:43:35.361084, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk [2011/10/11 16:43:35.361128, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.361169, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk [2011/10/11 16:43:35.361211, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.361252, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.361299, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.361363, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfd25, type= 0x3, gen_id = 902, uid = 0, flags = 0, file_id 803:404315:0, name_hash = 0x289830fa [2011/10/11 16:43:35.361427, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (20).lnk fname=Windows PowerShell (20).lnk (Windows PowerShell (20).lnk) [2011/10/11 16:43:35.361475, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) 
smbd_marshall_dir_entry: space_remaining = 6228 [2011/10/11 16:43:35.361516, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.361560, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (20).lnk -> 7A252072 -> WXW2M4~2.LNK (cache=1) [2011/10/11 16:43:35.361615, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2508 [2011/10/11 16:43:35.361662, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk [2011/10/11 16:43:35.361704, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.361746, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk [2011/10/11 16:43:35.361788, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.361828, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.361875, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.361939, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9ba5, type= 0x3, gen_id = 837, uid = 0, flags = 0, file_id 803:404316:0, name_hash = 0x4808115f [2011/10/11 16:43:35.362000, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (21).lnk fname=Server Manager (21).lnk (Server Manager (21).lnk) [2011/10/11 16:43:35.362048, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 6080 [2011/10/11 16:43:35.362089, 10] 
smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.362132, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (21).lnk -> 2354B88F -> S9SWSJ~Z.LNK (cache=1) [2011/10/11 16:43:35.362187, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2544 [2011/10/11 16:43:35.362234, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk [2011/10/11 16:43:35.362276, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.362317, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk [2011/10/11 16:43:35.362359, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.362399, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.362446, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.362509, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xfea5, type= 0x3, gen_id = 903, uid = 0, flags = 0, file_id 803:404317:0, name_hash = 0x215b619a [2011/10/11 16:43:35.362557, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (21).lnk fname=Windows PowerShell (21).lnk (Windows PowerShell (21).lnk) [2011/10/11 16:43:35.362603, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5940 [2011/10/11 16:43:35.362645, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.362688, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (21).lnk -> 79251EE1 -> WXM30F~5.LNK (cache=1) [2011/10/11 16:43:35.362742, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2576 [2011/10/11 16:43:35.362790, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk [2011/10/11 16:43:35.362832, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.362873, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk [2011/10/11 16:43:35.362915, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.362955, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.363002, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.363066, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9d25, type= 0x3, gen_id = 838, uid = 0, flags = 0, file_id 803:404318:0, name_hash = 0x310703aa [2011/10/11 16:43:35.363113, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (22).lnk fname=Server Manager (22).lnk (Server Manager (22).lnk) [2011/10/11 16:43:35.363173, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5792 [2011/10/11 16:43:35.363215, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.363259, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) 
hash2_name_to_8_3: Server Manager (22).lnk -> 2254B73A -> S9IX6W~Q.LNK (cache=1) [2011/10/11 16:43:35.363313, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2612 [2011/10/11 16:43:35.363361, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk [2011/10/11 16:43:35.363404, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.363445, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk [2011/10/11 16:43:35.363488, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.363528, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.363576, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.363640, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x25, type= 0x3, gen_id = 904, uid = 0, flags = 0, file_id 803:404319:0, name_hash = 0x7fc6add3 [2011/10/11 16:43:35.363687, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (22).lnk fname=Windows PowerShell (22).lnk (Windows PowerShell (22).lnk) [2011/10/11 16:43:35.363735, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5652 [2011/10/11 16:43:35.363776, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.363819, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (22).lnk -> 7C2523A8 -> WYG1TI~G.LNK (cache=1) 
[2011/10/11 16:43:35.363873, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2644 [2011/10/11 16:43:35.363921, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk [2011/10/11 16:43:35.363964, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.364005, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk [2011/10/11 16:43:35.364047, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.364088, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.364135, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.364198, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x9ea5, type= 0x3, gen_id = 839, uid = 0, flags = 0, file_id 803:40431a:0, name_hash = 0x55c86a8 [2011/10/11 16:43:35.364246, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (23).lnk fname=Server Manager (23).lnk (Server Manager (23).lnk) [2011/10/11 16:43:35.364293, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5504 [2011/10/11 16:43:35.364335, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.364392, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (23).lnk -> 2154B5A9 -> S98XL7~T.LNK (cache=1) [2011/10/11 16:43:35.364447, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 
now at offset 2680 [2011/10/11 16:43:35.364494, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk [2011/10/11 16:43:35.364537, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.364579, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk [2011/10/11 16:43:35.364621, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.364662, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.364709, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.364828, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1a5, type= 0x3, gen_id = 905, uid = 0, flags = 0, file_id 803:40431b:0, name_hash = 0xc1c70b34 [2011/10/11 16:43:35.364877, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (23).lnk fname=Windows PowerShell (23).lnk (Windows PowerShell (23).lnk) [2011/10/11 16:43:35.364924, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5364 [2011/10/11 16:43:35.364965, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.365009, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (23).lnk -> 7B2521C7 -> WY627R~B.LNK (cache=1) [2011/10/11 16:43:35.365064, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2712 [2011/10/11 16:43:35.365112, 8] smbd/dosmode.c:621(dos_mode) dos_mode: 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk [2011/10/11 16:43:35.365154, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.365196, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk [2011/10/11 16:43:35.365238, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.365278, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.365325, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.365402, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa025, type= 0x3, gen_id = 840, uid = 0, flags = 0, file_id 803:404321:0, name_hash = 0x8acd18fa [2011/10/11 16:43:35.365452, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (24).lnk fname=Server Manager (24).lnk (Server Manager (24).lnk) [2011/10/11 16:43:35.365499, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5216 [2011/10/11 16:43:35.365540, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.365584, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (24).lnk -> 2854C0AC -> SB6UT2~K.LNK (cache=1) [2011/10/11 16:43:35.365653, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2748 [2011/10/11 16:43:35.365701, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk [2011/10/11 
16:43:35.365744, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.365786, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk [2011/10/11 16:43:35.365828, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.365869, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.365915, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.365979, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x325, type= 0x3, gen_id = 906, uid = 0, flags = 0, file_id 803:404322:0, name_hash = 0x2920e50d [2011/10/11 16:43:35.366027, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (24).lnk fname=Windows PowerShell (24).lnk (Windows PowerShell (24).lnk) [2011/10/11 16:43:35.366074, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 5076 [2011/10/11 16:43:35.366115, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.366159, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (24).lnk -> 7E25268E -> WZ010U~M.LNK (cache=1) [2011/10/11 16:43:35.366213, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2780 [2011/10/11 16:43:35.366261, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk [2011/10/11 16:43:35.366303, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning 
[2011/10/11 16:43:35.366344, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk [2011/10/11 16:43:35.366387, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.366427, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.366474, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.366537, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa1a5, type= 0x3, gen_id = 841, uid = 0, flags = 0, file_id 803:404323:0, name_hash = 0x57e57761 [2011/10/11 16:43:35.366585, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (25).lnk fname=Server Manager (25).lnk (Server Manager (25).lnk) [2011/10/11 16:43:35.366632, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4928 [2011/10/11 16:43:35.366674, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.366717, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (25).lnk -> 2754BEDB -> SAWV7B~V.LNK (cache=1) [2011/10/11 16:43:35.366772, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2816 [2011/10/11 16:43:35.366819, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk [2011/10/11 16:43:35.366876, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.366918, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk [2011/10/11 16:43:35.366960, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.367000, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.367048, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.367112, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x4a5, type= 0x3, gen_id = 907, uid = 0, flags = 0, file_id 803:404324:0, name_hash = 0x4c50dd80 [2011/10/11 16:43:35.367159, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (25).lnk fname=Windows PowerShell (25).lnk (Windows PowerShell (25).lnk) [2011/10/11 16:43:35.367207, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4788 [2011/10/11 16:43:35.367248, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.367291, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (25).lnk -> 7D25253D -> WYQ1F7~H.LNK (cache=1) [2011/10/11 16:43:35.367346, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2848 [2011/10/11 16:43:35.367393, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk [2011/10/11 16:43:35.367436, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.367478, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk [2011/10/11 16:43:35.367520, 
8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.367561, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.367607, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.367671, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa325, type= 0x3, gen_id = 842, uid = 0, flags = 0, file_id 803:404325:0, name_hash = 0xe9f90b3e [2011/10/11 16:43:35.367719, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (26).lnk fname=Server Manager (26).lnk (Server Manager (26).lnk) [2011/10/11 16:43:35.367767, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4640 [2011/10/11 16:43:35.367809, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.367852, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (26).lnk -> 2654BD76 -> SAMVLO~6.LNK (cache=1) [2011/10/11 16:43:35.367907, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2884 [2011/10/11 16:43:35.367954, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk [2011/10/11 16:43:35.367998, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.368039, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk [2011/10/11 16:43:35.368095, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.368136, 8] 
smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.368183, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.368247, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x625, type= 0x3, gen_id = 908, uid = 0, flags = 0, file_id 803:404326:0, name_hash = 0xd2ec17ce [2011/10/11 16:43:35.368295, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (26).lnk fname=Windows PowerShell (26).lnk (Windows PowerShell (26).lnk) [2011/10/11 16:43:35.368342, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4500 [2011/10/11 16:43:35.368384, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.368427, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (26).lnk -> 002529E4 -> W01G7A~C.LNK (cache=1) [2011/10/11 16:43:35.368481, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2916 [2011/10/11 16:43:35.368529, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk [2011/10/11 16:43:35.368572, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.368613, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk [2011/10/11 16:43:35.368655, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.368696, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.368743, 10] 
locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.368806, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa4a5, type= 0x3, gen_id = 843, uid = 0, flags = 0, file_id 803:404327:0, name_hash = 0x5a199423 [2011/10/11 16:43:35.368854, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (27).lnk fname=Server Manager (27).lnk (Server Manager (27).lnk) [2011/10/11 16:43:35.368901, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4352 [2011/10/11 16:43:35.368942, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.368986, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (27).lnk -> 2554BBE5 -> SACVZZ~9.LNK (cache=1) [2011/10/11 16:43:35.369039, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2952 [2011/10/11 16:43:35.369087, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk [2011/10/11 16:43:35.369130, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.369171, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk [2011/10/11 16:43:35.369501, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.369562, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.369614, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: 
Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.369680, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x7a5, type= 0x3, gen_id = 909, uid = 0, flags = 0, file_id 803:404328:0, name_hash = 0xb80a4497 [2011/10/11 16:43:35.369730, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (27).lnk fname=Windows PowerShell (27).lnk (Windows PowerShell (27).lnk) [2011/10/11 16:43:35.369779, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4212 [2011/10/11 16:43:35.369821, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.369868, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (27).lnk -> 7F252813 -> WZA0MJ~7.LNK (cache=1) [2011/10/11 16:43:35.369927, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 2984 [2011/10/11 16:43:35.369977, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk [2011/10/11 16:43:35.370020, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.370061, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk [2011/10/11 16:43:35.370104, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.370145, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.370192, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.370256, 10] 
locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa625, type= 0x3, gen_id = 844, uid = 0, flags = 0, file_id 803:404329:0, name_hash = 0xd979a53f [2011/10/11 16:43:35.370304, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (28).lnk fname=Server Manager (28).lnk (Server Manager (28).lnk) [2011/10/11 16:43:35.370351, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 4064 [2011/10/11 16:43:35.370393, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.370437, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (28).lnk -> 2C54C6F8 -> SCAT7U~G.LNK (cache=1) [2011/10/11 16:43:35.370492, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3020 [2011/10/11 16:43:35.370539, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk [2011/10/11 16:43:35.370583, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.370624, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk [2011/10/11 16:43:35.370666, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.370707, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.370754, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.370831, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access 
= 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x925, type= 0x3, gen_id = 910, uid = 0, flags = 0, file_id 803:40432a:0, name_hash = 0x59fd0893 [2011/10/11 16:43:35.370880, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (28).lnk fname=Windows PowerShell (28).lnk (Windows PowerShell (28).lnk) [2011/10/11 16:43:35.370927, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3924 [2011/10/11 16:43:35.370968, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.371011, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (28).lnk -> 722513EA -> WVO5SK~Q.LNK (cache=1) [2011/10/11 16:43:35.371065, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3052 [2011/10/11 16:43:35.371113, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk [2011/10/11 16:43:35.371155, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.371196, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk [2011/10/11 16:43:35.371239, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.371279, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.371325, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.371388, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xa7a5, type= 0x3, gen_id = 845, uid = 
0, flags = 0, file_id 803:40432b:0, name_hash = 0x574b1b52 [2011/10/11 16:43:35.371436, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (29).lnk fname=Server Manager (29).lnk (Server Manager (29).lnk) [2011/10/11 16:43:35.371483, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3776 [2011/10/11 16:43:35.371524, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.371567, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (29).lnk -> 2B54C517 -> SC0TM3~B.LNK (cache=1) [2011/10/11 16:43:35.371748, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3088 [2011/10/11 16:43:35.371797, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk [2011/10/11 16:43:35.371840, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.371881, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk [2011/10/11 16:43:35.371923, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.372034, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.372082, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.372150, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaa5, type= 0x3, gen_id = 911, uid = 0, flags = 0, file_id 803:40432c:0, name_hash = 0x532fd912 [2011/10/11 16:43:35.372214, 3] 
smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (29).lnk fname=Windows PowerShell (29).lnk (Windows PowerShell (29).lnk) [2011/10/11 16:43:35.372263, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3636 [2011/10/11 16:43:35.372305, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.372350, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (29).lnk -> 71251219 -> WVE66U~1.LNK (cache=1) [2011/10/11 16:43:35.372405, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3120 [2011/10/11 16:43:35.372453, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk [2011/10/11 16:43:35.372496, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.372537, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk [2011/10/11 16:43:35.372580, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.372620, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.372667, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.372731, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaaa5, type= 0x3, gen_id = 847, uid = 0, flags = 0, file_id 803:40432d:0, name_hash = 0x11561aca [2011/10/11 16:43:35.372779, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found 
ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (30).lnk fname=Server Manager (30).lnk (Server Manager (30).lnk) [2011/10/11 16:43:35.372826, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3488 [2011/10/11 16:43:35.372868, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.372911, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (30).lnk -> 1E527219 -> S8EVML~5.LNK (cache=1) [2011/10/11 16:43:35.372966, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3156 [2011/10/11 16:43:35.373013, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk [2011/10/11 16:43:35.373056, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.373098, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk [2011/10/11 16:43:35.373140, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.373180, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.373227, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.373291, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xda5, type= 0x3, gen_id = 913, uid = 0, flags = 0, file_id 803:40432e:0, name_hash = 0x77f7f64e [2011/10/11 16:43:35.373339, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (30).lnk 
fname=Windows PowerShell (30).lnk (Windows PowerShell (30).lnk) [2011/10/11 16:43:35.373420, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3348 [2011/10/11 16:43:35.373463, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.373507, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (30).lnk -> 7422D87B -> WW81UG~R.LNK (cache=1) [2011/10/11 16:43:35.373562, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3188 [2011/10/11 16:43:35.373609, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk [2011/10/11 16:43:35.373652, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.373693, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk [2011/10/11 16:43:35.373736, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.373776, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.373823, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.373887, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xac25, type= 0x3, gen_id = 848, uid = 0, flags = 0, file_id 803:40432f:0, name_hash = 0x4a7c5015 [2011/10/11 16:43:35.373938, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (31).lnk fname=Server Manager (31).lnk (Server Manager (31).lnk) [2011/10/11 16:43:35.373985, 10] 
smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3200 [2011/10/11 16:43:35.374026, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.374070, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (31).lnk -> 1F5273EA -> S8OV8B~U.LNK (cache=1) [2011/10/11 16:43:35.374125, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3224 [2011/10/11 16:43:35.374172, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk [2011/10/11 16:43:35.374214, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.374256, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk [2011/10/11 16:43:35.374298, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.374338, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.374385, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.374449, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xf25, type= 0x3, gen_id = 914, uid = 0, flags = 0, file_id 803:404330:0, name_hash = 0x1acada29 [2011/10/11 16:43:35.374497, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (31).lnk fname=Windows PowerShell (31).lnk (Windows PowerShell (31).lnk) [2011/10/11 16:43:35.374544, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 3060 
[2011/10/11 16:43:35.374599, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.374643, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (31).lnk -> 7522D9CC -> WWI1G3~W.LNK (cache=1) [2011/10/11 16:43:35.374697, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3256 [2011/10/11 16:43:35.374744, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk [2011/10/11 16:43:35.374787, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.374828, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk [2011/10/11 16:43:35.374870, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.374911, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.374957, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.375020, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xada5, type= 0x3, gen_id = 849, uid = 0, flags = 0, file_id 803:404331:0, name_hash = 0xf8ab53d1 [2011/10/11 16:43:35.375068, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (32).lnk fname=Server Manager (32).lnk (Server Manager (32).lnk) [2011/10/11 16:43:35.375115, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2912 [2011/10/11 16:43:35.375157, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: 
SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.375200, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (32).lnk -> 2052757F -> S8YUU0~V.LNK (cache=1) [2011/10/11 16:43:35.375255, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3292 [2011/10/11 16:43:35.375302, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk [2011/10/11 16:43:35.375344, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.375386, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk [2011/10/11 16:43:35.375428, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.375469, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.375515, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.375579, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x10a5, type= 0x3, gen_id = 915, uid = 0, flags = 0, file_id 803:404332:0, name_hash = 0x1c1d5333 [2011/10/11 16:43:35.375627, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (32).lnk fname=Windows PowerShell (32).lnk (Windows PowerShell (32).lnk) [2011/10/11 16:43:35.375674, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2772 [2011/10/11 16:43:35.375715, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.375758, 10] 
smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (32).lnk -> 7222D505 -> WVO2N0~L.LNK (cache=1) [2011/10/11 16:43:35.375827, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3324 [2011/10/11 16:43:35.375874, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk [2011/10/11 16:43:35.375917, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.375958, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk [2011/10/11 16:43:35.376000, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.376040, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.376087, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.376150, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xaf25, type= 0x3, gen_id = 850, uid = 0, flags = 0, file_id 803:404333:0, name_hash = 0x79dea1e4 [2011/10/11 16:43:35.376198, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (33).lnk fname=Server Manager (33).lnk (Server Manager (33).lnk) [2011/10/11 16:43:35.376245, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2624 [2011/10/11 16:43:35.376286, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.376330, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (33).lnk -> 215276C0 -> 
S98UFN~K.LNK (cache=1) [2011/10/11 16:43:35.376384, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3360 [2011/10/11 16:43:35.376431, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk [2011/10/11 16:43:35.376474, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.376515, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk [2011/10/11 16:43:35.376557, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.376598, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.376644, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.376708, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1225, type= 0x3, gen_id = 916, uid = 0, flags = 0, file_id 803:404334:0, name_hash = 0xc8a13f00 [2011/10/11 16:43:35.376756, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (33).lnk fname=Windows PowerShell (33).lnk (Windows PowerShell (33).lnk) [2011/10/11 16:43:35.376803, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2484 [2011/10/11 16:43:35.376844, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.376888, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (33).lnk -> 7322D696 -> WVY28P~I.LNK (cache=1) [2011/10/11 16:43:35.376942, 6] 
smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3392 [2011/10/11 16:43:35.377003, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk [2011/10/11 16:43:35.377047, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.377088, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk [2011/10/11 16:43:35.377131, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.377171, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.377218, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.377282, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb0a5, type= 0x3, gen_id = 851, uid = 0, flags = 0, file_id 803:404335:0, name_hash = 0x73546e30 [2011/10/11 16:43:35.377330, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (34).lnk fname=Server Manager (34).lnk (Server Manager (34).lnk) [2011/10/11 16:43:35.377393, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2336 [2011/10/11 16:43:35.377436, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.377480, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (34).lnk -> 22527855 -> S9IU1C~L.LNK (cache=1) [2011/10/11 16:43:35.377535, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3428 [2011/10/11 
16:43:35.377583, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk [2011/10/11 16:43:35.377626, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.377667, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk [2011/10/11 16:43:35.377710, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.377751, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.377798, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.377863, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x13a5, type= 0x3, gen_id = 917, uid = 0, flags = 0, file_id 803:404336:0, name_hash = 0x1b60bce8 [2011/10/11 16:43:35.377911, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (34).lnk fname=Windows PowerShell (34).lnk (Windows PowerShell (34).lnk) [2011/10/11 16:43:35.377958, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2196 [2011/10/11 16:43:35.377999, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.378043, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (34).lnk -> 7022D22F -> WV43FO~V.LNK (cache=1) [2011/10/11 16:43:35.378097, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3460 [2011/10/11 16:43:35.378145, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet 
Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk [2011/10/11 16:43:35.378188, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.378244, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk [2011/10/11 16:43:35.378286, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.378327, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.378374, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.378437, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb225, type= 0x3, gen_id = 852, uid = 0, flags = 0, file_id 803:404338:0, name_hash = 0x9a0511b6 [2011/10/11 16:43:35.378485, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (35).lnk fname=Server Manager (35).lnk (Server Manager (35).lnk) [2011/10/11 16:43:35.378532, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 2048 [2011/10/11 16:43:35.378573, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.378617, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (35).lnk -> 23527A26 -> S9STN3~A.LNK (cache=1) [2011/10/11 16:43:35.378671, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3496 [2011/10/11 16:43:35.378718, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk [2011/10/11 16:43:35.378761, 8] 
smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.378802, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk [2011/10/11 16:43:35.378845, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.378885, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.378932, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.378995, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1525, type= 0x3, gen_id = 918, uid = 0, flags = 0, file_id 803:404339:0, name_hash = 0x8a6a4957 [2011/10/11 16:43:35.379043, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (35).lnk fname=Windows PowerShell (35).lnk (Windows PowerShell (35).lnk) [2011/10/11 16:43:35.379090, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1908 [2011/10/11 16:43:35.379131, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.379175, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (35).lnk -> 7122D3B0 -> WVE31D~C.LNK (cache=1) [2011/10/11 16:43:35.379228, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3528 [2011/10/11 16:43:35.379276, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk [2011/10/11 16:43:35.379318, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 
16:43:35.379359, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk [2011/10/11 16:43:35.379415, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.379456, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.379503, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.379569, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb3a5, type= 0x3, gen_id = 853, uid = 0, flags = 0, file_id 803:40433a:0, name_hash = 0xb66c4cd3 [2011/10/11 16:43:35.379617, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (36).lnk fname=Server Manager (36).lnk (Server Manager (36).lnk) [2011/10/11 16:43:35.379664, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1760 [2011/10/11 16:43:35.379706, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.379750, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (36).lnk -> 24527B8B -> SA2T8Q~Z.LNK (cache=1) [2011/10/11 16:43:35.379804, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3564 [2011/10/11 16:43:35.379851, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk [2011/10/11 16:43:35.379894, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.379936, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick 
Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk [2011/10/11 16:43:35.379978, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.380019, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.380065, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.380129, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x16a5, type= 0x3, gen_id = 919, uid = 0, flags = 0, file_id 803:40433b:0, name_hash = 0x3581512a [2011/10/11 16:43:35.380178, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (36).lnk fname=Windows PowerShell (36).lnk (Windows PowerShell (36).lnk) [2011/10/11 16:43:35.380225, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1620 [2011/10/11 16:43:35.380267, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.380310, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (36).lnk -> 6E22CEC9 -> WUK489~5.LNK (cache=1) [2011/10/11 16:43:35.380365, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3596 [2011/10/11 16:43:35.380412, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk [2011/10/11 16:43:35.380455, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.380497, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk [2011/10/11 16:43:35.380539, 8] 
lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.380579, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.380626, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.380704, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0xb525, type= 0x3, gen_id = 854, uid = 0, flags = 0, file_id 803:40433c:0, name_hash = 0xdd212722 [2011/10/11 16:43:35.380752, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (37).lnk fname=Server Manager (37).lnk (Server Manager (37).lnk) [2011/10/11 16:43:35.380800, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1472 [2011/10/11 16:43:35.380841, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.380884, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Server Manager (37).lnk -> 25527D1C -> SACSUF~W.LNK (cache=1) [2011/10/11 16:43:35.380938, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3632 [2011/10/11 16:43:35.380985, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk [2011/10/11 16:43:35.381028, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.381069, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk [2011/10/11 16:43:35.381111, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.381151, 8] 
smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.381198, 10] locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 07:37:07 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.381262, 10] locking/locking.c:728(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 8659, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x1825, type= 0x3, gen_id = 920, uid = 0, flags = 0, file_id 803:40433d:0, name_hash = 0x1755dcbf [2011/10/11 16:43:35.381309, 3] smbd/dir.c:1023(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Windows PowerShell (37).lnk fname=Windows PowerShell (37).lnk (Windows PowerShell (37).lnk) [2011/10/11 16:43:35.381357, 10] smbd/trans2.c:1577(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 1332 [2011/10/11 16:43:35.381413, 10] smbd/trans2.c:1726(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2011/10/11 16:43:35.381456, 10] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: Windows PowerShell (37).lnk -> 6F22D05A -> WUU3TY~2.LNK (cache=1) [2011/10/11 16:43:35.381511, 6] smbd/dir.c:951(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fc9b0d8cac0 now at offset 3664 [2011/10/11 16:43:35.381558, 8] smbd/dosmode.c:621(dos_mode) dos_mode: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk [2011/10/11 16:43:35.381601, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2011/10/11 16:43:35.381642, 8] lib/util.c:1319(is_in_path) is_in_path: ando/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Server Manager (38).lnk [2011/10/11 16:43:35.381685, 8] lib/util.c:1343(is_in_path) is_in_path: match not found [2011/10/11 16:43:35.381725, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2011/10/11 16:43:35.381772, 10] 
locking/locking.c:666(parse_share_modes) parse_share_modes: owrt: Tue Jul 14 06:58:28 2009 CEST, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2011/10/11 16:43:35.381835, 10] locking/locking.c:728(parse_share_modes)