hi list,
i made some tests with 3.0.20.rc1 and rc2
seems to work stable except of one thing: managing users/groups with
usrmgr.exe
on both rc1 and rc2 the following situation occurs:
- login the domain as administrator (no matter of being uid=0 or having
SE-rights to manage machines/accounts)
- start usrmgr.exe from reskit on winxp sp2
- error message appears immediately "The
procedure number is out of range - Do you want to administrate another
domain?"
i rolled back to 3.0.14a from SuSE Sles9 - then it's working without
changes to samba or the client.
i appended a log file, where i started logging shortly before opening
usrmgr.exe - some failures about regkeys seem to be unnormal, although i
have write access to them.
i hope my post is helpful!
greez
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
-------------- next part --------------
[global]
workgroup = TUX-NET
server string = Primary Domain Controller
netbios name = PDC
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
load printers = yes
admin users = @"Domain Admins" root
# passdb backend = ldapsam:ldap://localhost:389
passdb backend = tdbsam
ldap admin dn = cn=manager,dc=tux-net,dc=de
ldap suffix = dc=tux-net,dc=de
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
domain logons = yes
domain master = yes
local master = yes
wins support = yes
# enable privileges = yes
log level = 5
logfile = /var/log/samba/log.%m
logon path logon home = \\fileserver\%U
logon drive = H:
logon script = %U.bat
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
guest account = gast
[netlogon]
path = /var/lib/samba/netlogon
guest ok = yes
writeable = yes
-------------- next part --------------
[2005/07/01 02:39:00, 3] smbd/process.c:process_smb(1114)
Transaction 124 of length 43
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(464)
size=39
smb_com=0x74
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=0
smb_pid=65279
smb_uid=109
smb_mid=7936
smt_wct=2
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_bcc=0
[2005/07/01 02:39:00, 3] smbd/process.c:switch_message(900)
switch message SMBulogoffX (pid 21615) conn 0x0
[2005/07/01 02:39:00, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:00, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:00, 5] auth/auth_util.c:free_server_info(1387)
attempting to free (and zero) a server_info structure
[2005/07/01 02:39:00, 3] smbd/reply.c:reply_ulogoffX(1560)
ulogoffX vuid=109
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(464)
size=39
smb_com=0x74
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=65279
smb_uid=109
smb_mid=7936
smt_wct=2
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_bcc=0
[2005/07/01 02:39:00, 3] smbd/process.c:process_smb(1114)
Transaction 125 of length 39
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(464)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=109
smb_mid=8000
smt_wct=0
smb_bcc=0
[2005/07/01 02:39:00, 3] smbd/process.c:switch_message(900)
switch message SMBtdis (pid 21615) conn 0x83a2868
[2005/07/01 02:39:00, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:00, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:00, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:00, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:00, 3] smbd/service.c:close_cnum(835)
zent58nt (10.0.10.40) closed connection to service IPC$
[2005/07/01 02:39:00, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/07/01 02:39:00, 4] smbd/vfs.c:vfs_ChDir(737)
vfs_ChDir to /
[2005/07/01 02:39:00, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:00, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:00, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:00, 5] lib/util.c:show_msg(464)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=109
smb_mid=8000
smt_wct=0
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 126 of length 240
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=236
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=0
smb_pid=65279
smb_uid=0
smb_mid=8064
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 236 (0xEC)
smb_vwv[ 2]=16644 (0x4104)
smb_vwv[ 3]= 50 (0x32)
smb_vwv[ 4]= 1 (0x1)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 74 (0x4A)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 212 (0xD4)
smb_vwv[11]=40960 (0xA000)
smb_bcc=177
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBsesssetupX (pid 21615) conn 0x0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751)
wct=12 flg2=0xc807
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(588)
Doing spnego session setup
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_spnego_negotiate(480)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_spnego_negotiate(483)
Got secblob of size 40
[2005/07/01 02:39:16, 5] auth/auth.c:make_auth_context_subsystem(482)
Making default auth method list for DC, security=user, encrypt passwords = yes
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(389)
load_auth_module: Attempting to find an auth method to match guest
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(414)
load_auth_module: auth method guest has a valid init
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(389)
load_auth_module: Attempting to find an auth method to match sam
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(414)
load_auth_module: auth method sam has a valid init
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(389)
load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(389)
load_auth_module: Attempting to find an auth method to match trustdomain
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(414)
load_auth_module: auth method trustdomain has a valid init
[2005/07/01 02:39:16, 5] auth/auth.c:load_auth_module(414)
load_auth_module: auth method winbind has a valid init
[2005/07/01 02:39:16, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_LM_KEY
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/07/01 02:39:16, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module guest did not want to specify a challenge
[2005/07/01 02:39:16, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module sam did not want to specify a challenge
[2005/07/01 02:39:16, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module winbind did not want to specify a challenge
[2005/07/01 02:39:16, 5] auth/auth.c:get_ntlm_challenge(135)
auth_context challenge created by random
[2005/07/01 02:39:16, 5] auth/auth.c:get_ntlm_challenge(136)
challenge is:
[2005/07/01 02:39:16, 5] lib/util.c:dump_data(2053)
[000] A9 72 C4 57 2B EF 28 5E .r.W+.(^
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=280
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=65279
smb_uid=110
smb_mid=8064
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 161 (0xA1)
smb_bcc=237
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 127 of length 352
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=348
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=0
smb_pid=65279
smb_uid=110
smb_mid=8128
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 348 (0x15C)
smb_vwv[ 2]=16644 (0x4104)
smb_vwv[ 3]= 50 (0x32)
smb_vwv[ 4]= 1 (0x1)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 186 (0xBA)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 212 (0xD4)
smb_vwv[11]=40960 (0xA000)
smb_bcc=289
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBsesssetupX (pid 21615) conn 0x0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751)
wct=12 flg2=0xc807
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(588)
Doing spnego session setup
[2005/07/01 02:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/07/01 02:39:16, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[root] domain=[TUX-NET] workstation=[ZENT58NT] len1=24 len2=24
[2005/07/01 02:39:16, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66)
auth_context challenge set by NTLMSSP callback (NTLM2)
[2005/07/01 02:39:16, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67)
challenge is:
[2005/07/01 02:39:16, 5] lib/util.c:dump_data(2053)
[000] DC 08 50 35 F0 97 65 A2 ..P5..e.
[2005/07/01 02:39:16, 5] auth/auth_util.c:make_user_info_map(191)
make_user_info_map: Mapping user [TUX-NET]\[root] from workstation [ZENT58NT]
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 3] smbd/uid.c:push_conn_ctx(388)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 5] auth/auth_util.c:is_trusted_domain(1541)
is_trusted_domain: Checking for domain trust with [TUX-NET]
[2005/07/01 02:39:16, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(325)
secrets_fetch failed!
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain TUX-NET found.
[2005/07/01 02:39:16, 5] auth/auth_util.c:make_user_info(99)
attempting to make a user_info for root (root)
[2005/07/01 02:39:16, 5] auth/auth_util.c:make_user_info(109)
making strings for root's user_info struct
[2005/07/01 02:39:16, 5] auth/auth_util.c:make_user_info(151)
making blobs for root's user_info struct
[2005/07/01 02:39:16, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[TUX-NET]\[root]@[ZENT58NT] with the new password interface
[2005/07/01 02:39:16, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [TUX-NET]\[root]@[ZENT58NT]
[2005/07/01 02:39:16, 5] lib/util.c:dump_data(2053)
[000] DC 08 50 35 F0 97 65 A2 ..P5..e.
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 3] smbd/uid.c:push_conn_ctx(388)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 4] libsmb/ntlm_check.c:ntlm_password_check(326)
ntlm_password_check: Checking NT MD4 password
[2005/07/01 02:39:16, 4] auth/auth_sam.c:sam_account_ok(120)
sam_account_ok: Checking SMB password for user root
[2005/07/01 02:39:16, 5] auth/auth_sam.c:logon_hours_ok(102)
logon_hours_ok: user root allowed to logon at this time (Fri Jul 1 02:39:16
2005
)
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 3] smbd/uid.c:push_conn_ctx(388)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/07/01 02:39:16, 3] smbd/uid.c:push_conn_ctx(388)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232)
fetch sid from gid cache 0 -> S-1-5-21-3860602807-756620006-1355641923-1001
[2005/07/01 02:39:16, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232)
fetch sid from gid cache 100 ->
S-1-5-21-3860602807-756620006-1355641923-1201
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:make_server_info_sam(829)
make_server_info_sam: made server info for user root -> root
[2005/07/01 02:39:16, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [root] succeeded
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 3] smbd/uid.c:push_conn_ctx(388)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth.c:check_ntlm_password(294)
check_ntlm_password: PAM Account for user [root] succeeded
[2005/07/01 02:39:16, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2005/07/01 02:39:16, 5] auth/auth_util.c:free_user_info(1361)
attempting to free (and zero) a user_info structure
[2005/07/01 02:39:16, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/07/01 02:39:16, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/07/01 02:39:16, 3] smbd/password.c:register_vuid(257)
User name: root Real name: root
[2005/07/01 02:39:16, 3] smbd/password.c:register_vuid(276)
UNIX uid 0 is UNIX user root, and will be vuid 111
[2005/07/01 02:39:16, 3] smbd/password.c:register_vuid(305)
Adding homes service for user 'root' using home directory:
'/root'
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=128
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=65279
smb_uid=111
smb_mid=8128
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=85
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 128 of length 76
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=72
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=0
smb_pid=65279
smb_uid=111
smb_mid=8192
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 72 (0x48)
smb_vwv[ 2]= 8 (0x8)
smb_vwv[ 3]= 1 (0x1)
smb_bcc=29
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtconX (pid 21615) conn 0x0
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:16, 4] smbd/reply.c:reply_tcon_and_X(618)
Client requested device type [?????] for share [IPC$]
[2005/07/01 02:39:16, 5] smbd/service.c:make_connection(811)
making a connection to 'normal' service ipc$
[2005/07/01 02:39:16, 5] lib/username.c:Get_Pwnam_alloc(313)
Finding user root
[2005/07/01 02:39:16, 5] lib/username.c:Get_Pwnam_internals(262)
Trying _Get_Pwnam(), username as lowercase is root
[2005/07/01 02:39:16, 5] lib/username.c:Get_Pwnam_internals(290)
Get_Pwnam_internals did find user [root]!
[2005/07/01 02:39:16, 3] smbd/service.c:make_connection_snum(477)
Connect path is '/var/tmp' for service [IPC$]
[2005/07/01 02:39:16, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
get_share_security: using default secdesc for IPC$
[2005/07/01 02:39:16, 3] lib/util_seaccess.c:se_access_check(250)
[2005/07/01 02:39:16, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-3860602807-756620006-1355641923-1000
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-1001
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-1201
[2005/07/01 02:39:16, 5] lib/util_seaccess.c:se_access_check(308)
se_access_check: access (2) granted.
[2005/07/01 02:39:16, 3] smbd/vfs.c:vfs_init_default(215)
Initialising default vfs hooks
[2005/07/01 02:39:16, 5] smbd/connection.c:claim_connection(170)
claiming IPC$ 0
[2005/07/01 02:39:16, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
get_share_security: using default secdesc for IPC$
[2005/07/01 02:39:16, 3] lib/util_seaccess.c:se_access_check(250)
[2005/07/01 02:39:16, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-3860602807-756620006-1355641923-1000
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-1001
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-1201
[2005/07/01 02:39:16, 5] lib/util_seaccess.c:se_access_check(308)
se_access_check: access (1) granted.
[2005/07/01 02:39:16, 5] lib/username.c:user_in_netgroup_list(374)
looking for user root of domain in netgroup Domain Admins
[2005/07/01 02:39:16, 5] lib/username.c:user_in_netgroup_list(390)
looking for user root of domain in netgroup Domain Admins
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(457)
NT user token of user S-1-5-21-3860602807-756620006-1355641923-1000
contains 7 SIDs
SID[ 0]: S-1-5-21-3860602807-756620006-1355641923-1000
SID[ 1]: S-1-5-21-3860602807-756620006-1355641923-512
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-3860602807-756620006-1355641923-1001
SID[ 6]: S-1-5-21-3860602807-756620006-1355641923-1201
SE_PRIV 0x0 0x0 0x0 0x0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 2 supplementary groups
Group[ 0]: 0
Group[ 1]: 100
[2005/07/01 02:39:16, 5] smbd/uid.c:change_to_user(304)
change_to_user uid=(0,0) gid=(0,0)
[2005/07/01 02:39:16, 3] smbd/service.c:make_connection_snum(662)
zent58nt (10.0.10.40) connect to service IPC$ initially as user root (uid=0,
gid=0) (pid 21615)
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/07/01 02:39:16, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/07/01 02:39:16, 3] smbd/reply.c:reply_tcon_and_X(666)
tconX service=IPC$
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8192
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 1 (0x1)
smb_bcc=7
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 129 of length 104
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=100
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8256
smt_wct=24
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]= 3584 (0xE00)
smb_vwv[ 3]= 5632 (0x1600)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]=40704 (0x9F00)
smb_vwv[ 8]= 513 (0x201)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 768 (0x300)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 256 (0x100)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]=16384 (0x4000)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]= 512 (0x200)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 768 (0x300)
smb_bcc=17
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBntcreateX (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_nt_user_token(457)
NT user token of user S-1-5-21-3860602807-756620006-1355641923-1000
contains 7 SIDs
SID[ 0]: S-1-5-21-3860602807-756620006-1355641923-1000
SID[ 1]: S-1-5-21-3860602807-756620006-1355641923-512
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-3860602807-756620006-1355641923-1001
SID[ 6]: S-1-5-21-3860602807-756620006-1355641923-1201
SE_PRIV 0x0 0x0 0x0 0x0
[2005/07/01 02:39:16, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 2 supplementary groups
Group[ 0]: 0
Group[ 1]: 100
[2005/07/01 02:39:16, 5] smbd/uid.c:change_to_user(304)
change_to_user uid=(0,0) gid=(0,0)
[2005/07/01 02:39:16, 4] smbd/vfs.c:vfs_ChDir(737)
vfs_ChDir to /var/tmp
[2005/07/01 02:39:16, 4] smbd/nttrans.c:nt_open_pipe(330)
nt_open_pipe: Opening pipe \winreg.
[2005/07/01 02:39:16, 3] smbd/nttrans.c:nt_open_pipe(351)
nt_open_pipe: Known pipe winreg opening.
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178)
Open pipe requested winreg (pipes_open=1)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205)
open_rpc_pipe_p: name winreg pnum=7412
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278)
Create pipe requested winreg
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370)
Created internal pipe winreg (pipes_open=1)
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257)
Opened pipe winreg with handle 7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263)
open pipes: name winreg pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263)
open pipes: name winreg pnum=7412
[2005/07/01 02:39:16, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400)
do_ntcreate_pipe_open: open pipe = \winreg
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8256
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 6144 (0x1800)
smb_vwv[ 3]= 372 (0x174)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 0 (0x0)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 130 of length 140
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=136
smb_com=0x2f
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8320
smt_wct=14
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]=29720 (0x7418)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]=65535 (0xFFFF)
smb_vwv[ 6]=65535 (0xFFFF)
smb_vwv[ 7]= 8 (0x8)
smb_vwv[ 8]= 72 (0x48)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 72 (0x48)
smb_vwv[11]= 64 (0x40)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_bcc=73
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBwriteX (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 0b
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0048
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(880)
api_pipe_bind_req: decode request. 880
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(891)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_rb
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0000 max_tsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0002 max_rsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 assoc_gid: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0008 num_contexts: 01
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000c context_id : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
000e num_transfer_syntaxes: 01
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 data : 338cd001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 data : 2244
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0016 data : 31f1
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
0018 data : aa aa
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
001a data : 90 00 38 00 10 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 version: 00000001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0024 data : 8a885d04
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0028 data : 1ceb
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
002a data : 11c9
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
002c data : 9f e8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
002e data : 08 00 2b 10 48 60
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0034 version: 00000002
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1030)
api_pipe_bind_req: make response. 1030
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe.c:check_bind_req(765)
check_bind_req for \PIPE\winreg
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_ba
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0000 max_tsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0002 max_rsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 assoc_gid: 000053f0
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 len: 000d
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
000a str: \PIPE\winreg.
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0018 num_results: 01
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
001c result : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
001e reason : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 data : 8a885d04
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0024 data : 1ceb
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0026 data : 11c9
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
0028 data : 9f e8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
002a data : 08 00 2b 10 48 60
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0030 version: 00000002
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 0c
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0044
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 3] smbd/pipes.c:reply_pipe_write_and_X(207)
writeX-IPC pnum=7418 nwritten=72
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=47
smb_com=0x2f
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8320
smt_wct=6
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 72 (0x48)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 131 of length 63
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=59
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8384
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]=29720 (0x7418)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 1024 (0x400)
smb_vwv[ 6]= 1024 (0x400)
smb_vwv[ 7]=65535 (0xFFFF)
smb_vwv[ 8]=65535 (0xFFFF)
smb_vwv[ 9]= 1024 (0x400)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBreadX (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 3] smbd/pipes.c:reply_pipe_read_and_X(252)
readX-IPC pnum=7418 min=1024 max=1024 nread=68
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=127
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8384
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 68 (0x44)
smb_vwv[ 6]= 59 (0x3B)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_bcc=68
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 132 of length 124
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=120
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8448
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 36 (0x24)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 84 (0x54)
smb_vwv[11]= 36 (0x24)
smb_vwv[12]= 84 (0x54)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=29720 (0x7418)
smb_bcc=53
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtrans (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=36 params=0 setup=2
[2005/07/01 02:39:16, 5] smbd/ipc.c:reply_trans(560)
calling named_pipe
[2005/07/01 02:39:16, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/07/01 02:39:16, 5] smbd/ipc.c:api_fd_reply(265)
api_fd_reply
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7418)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0024
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_req req
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 alloc_hint: 0000000c
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0004 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0006 opnum : 0002
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 70
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_request(1509)
Requested \PIPE\winreg
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543)
api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 reg_io_q_open_hive
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 ptr: 0006e180
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0004 server: 9d90
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0008 access: 02000000
[2005/07/01 02:39:16, 3] lib/util_seaccess.c:se_access_check(250)
[2005/07/01 02:39:16, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-3860602807-756620006-1355641923-1000
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-1001
se_access_check: also S-1-5-21-3860602807-756620006-1355641923-1201
[2005/07/01 02:39:16, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142)
Opened policy hnd[3] [000] 00 00 00 00 08 00 00 00 00 00 00 00 B4 90 C4 42
........ .......B
[010] 6F 54 00 00 oT..
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 reg_io_r_open_hive
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 data1: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 data2: 00000008
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 data3: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a data4: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
000c data5: b4 90 c4 42 6f 54 00 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_werror(729)
0014 status: WERR_OK
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590)
api_rpcTNP: called winreg successfully
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 510
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 02
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0030
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000010 smb_io_rpc_hdr_resp resp
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 alloc_hint: 00000018
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0016 cancel_ct : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0017 reserved : 00
[2005/07/01 02:39:16, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..48]
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8448
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 133 of length 308
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=304
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8512
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 220 (0xDC)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 84 (0x54)
smb_vwv[11]= 220 (0xDC)
smb_vwv[12]= 84 (0x54)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=29720 (0x7418)
smb_bcc=237
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtrans (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=220 params=0 setup=2
[2005/07/01 02:39:16, 5] smbd/ipc.c:reply_trans(560)
calling named_pipe
[2005/07/01 02:39:16, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/07/01 02:39:16, 5] smbd/ipc.c:api_fd_reply(265)
api_fd_reply
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7418)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 00dc
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000002
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_req req
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 alloc_hint: 000000c4
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0004 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0006 opnum : 000f
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 0
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_request(1509)
Requested \PIPE\winreg
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543)
api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 reg_io_q_open_entry
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 data1: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 data2: 00000008
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 data3: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a data4: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
000c data5: b4 90 c4 42 6f 54 00 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 length: 0094
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0016 size: 0094
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0018 ptr: 76b730b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c uni_max_len: 0000004a
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 offset : 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0024 uni_str_len: 0000004a
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841)
0028 buffer :
S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.C.o.n.t.r.o.l.\.T.e.r.m.i.n.a.l.
.S.e.r.v.e.r.\.D.e.f.a.u.l.t.U.s.e.r.C.o.n.f.i.g.u.r.a.t.i.o.n...
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00bc unknown_0 : 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00c0 access: 00020019
[2005/07/01 02:39:16, 4]
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 B4 90 C4 42
........ .......B
[010] 6F 54 00 00 oT..
[2005/07/01 02:39:16, 5] registry/reg_db.c:regdb_fetch_keys(379)
regdb_fetch_keys: tdb lookup failed to locate key
[HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 reg_io_r_open_entry
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 data1: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 data2: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 data3: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a data4: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
000c data5: 00 00 00 00 00 00 00 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_werror(729)
0014 status: WERR_BADFILE
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590)
api_rpcTNP: called winreg successfully
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 164
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 02
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0030
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000002
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000010 smb_io_rpc_hdr_resp resp
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 alloc_hint: 00000018
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0016 cancel_ct : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0017 reserved : 00
[2005/07/01 02:39:16, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..48]
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8512
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 134 of length 328
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=324
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8576
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 240 (0xF0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 84 (0x54)
smb_vwv[11]= 240 (0xF0)
smb_vwv[12]= 84 (0x54)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=29720 (0x7418)
smb_bcc=257
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtrans (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=240 params=0 setup=2
[2005/07/01 02:39:16, 5] smbd/ipc.c:reply_trans(560)
calling named_pipe
[2005/07/01 02:39:16, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/07/01 02:39:16, 5] smbd/ipc.c:api_fd_reply(265)
api_fd_reply
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7418)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 00f0
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000003
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_req req
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 alloc_hint: 000000d8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0004 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0006 opnum : 0006
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 0
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_request(1509)
Requested \PIPE\winreg
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543)
api_rpcTNP: winreg op 0x6 - api_rpcTNP: rpc command: REG_CREATE_KEY_EX
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 reg_io_q_create_key_ex
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 data1: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 data2: 00000008
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 data3: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a data4: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
000c data5: b4 90 c4 42 6f 54 00 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 length: 0094
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0016 size: 0094
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0018 ptr: 76b730b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c uni_max_len: 0000004a
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 offset : 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0024 uni_str_len: 0000004a
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841)
0028 buffer :
S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.C.o.n.t.r.o.l.\.T.e.r.m.i.n.a.l.
.S.e.r.v.e.r.\.D.e.f.a.u.l.t.U.s.e.r.C.o.n.f.i.g.u.r.a.t.i.o.n...
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
00bc length: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
00be size: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00c0 ptr: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00c4 reserved: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00c8 access: 000f003f
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00cc ptr: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00d0 ptr2: 0006e1ec
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
00d4 buf_max_len: 0006ee48
[2005/07/01 02:39:16, 0] rpc_parse/parse_prs.c:prs_mem_get(533)
prs_mem_get: reading data of size 4 would overrun buffer.
[2005/07/01 02:39:16, 0] rpc_server/srv_pipe.c:api_rpcTNP(1572)
api_rpcTNP: winreg: REG_CREATE_KEY_EX failed.
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 164
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:process_complete_pdu(751)
process_complete_pdu: DCE/RPC fault sent on pipe winreg
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 23
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0020
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000003
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000010 smb_io_rpc_hdr_resp resp
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 alloc_hint: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0016 cancel_ct : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0017 reserved : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000018 smb_io_rpc_hdr_fault fault
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_ntstatus(699)
0018 status : NT code 0x1c010002
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c reserved: 00000000
[2005/07/01 02:39:16, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..32]
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=88
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8576
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 32 (0x20)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 32 (0x20)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=33
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 135 of length 132
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=128
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8640
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 44 (0x2C)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 84 (0x54)
smb_vwv[11]= 44 (0x2C)
smb_vwv[12]= 84 (0x54)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=29720 (0x7418)
smb_bcc=61
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtrans (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/07/01 02:39:16, 5] smbd/ipc.c:reply_trans(560)
calling named_pipe
[2005/07/01 02:39:16, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/07/01 02:39:16, 5] smbd/ipc.c:api_fd_reply(265)
api_fd_reply
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7418)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 002c
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000004
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 23
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0020
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000004
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000010 smb_io_rpc_hdr_resp resp
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 alloc_hint: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0016 cancel_ct : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0017 reserved : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000018 smb_io_rpc_hdr_fault fault
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_ntstatus(699)
0018 status : NT code 0x1c010002
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c reserved: 00000000
[2005/07/01 02:39:16, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..32]
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=88
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8640
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 32 (0x20)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 32 (0x20)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=33
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 136 of length 104
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=100
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8704
smt_wct=24
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]= 3584 (0xE00)
smb_vwv[ 3]= 5632 (0x1600)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]=40704 (0x9F00)
smb_vwv[ 8]= 513 (0x201)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 768 (0x300)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 256 (0x100)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]=16384 (0x4000)
smb_vwv[20]=16384 (0x4000)
smb_vwv[21]= 512 (0x200)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 256 (0x100)
smb_bcc=17
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBntcreateX (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 4] smbd/nttrans.c:nt_open_pipe(330)
nt_open_pipe: Opening pipe \srvsvc.
[2005/07/01 02:39:16, 3] smbd/nttrans.c:nt_open_pipe(351)
nt_open_pipe: Known pipe srvsvc opening.
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178)
Open pipe requested srvsvc (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205)
open_rpc_pipe_p: name winreg pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205)
open_rpc_pipe_p: name winreg pnum=7412
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278)
Create pipe requested srvsvc
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370)
Created internal pipe srvsvc (pipes_open=2)
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257)
Opened pipe srvsvc with handle 7419 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263)
open pipes: name srvsvc pnum=7419
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263)
open pipes: name winreg pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263)
open pipes: name winreg pnum=7412
[2005/07/01 02:39:16, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400)
do_ntcreate_pipe_open: open pipe = \srvsvc
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8704
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 6400 (0x1900)
smb_vwv[ 3]= 372 (0x174)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 0 (0x0)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 137 of length 140
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=136
smb_com=0x2f
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8768
smt_wct=14
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]=29721 (0x7419)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]=65535 (0xFFFF)
smb_vwv[ 6]=65535 (0xFFFF)
smb_vwv[ 7]= 8 (0x8)
smb_vwv[ 8]= 72 (0x48)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 72 (0x48)
smb_vwv[11]= 64 (0x40)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_bcc=73
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBwriteX (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7419
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name srvsvc pnum=7419 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 0b
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0048
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(880)
api_pipe_bind_req: decode request. 880
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(891)
api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_rb
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0000 max_tsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0002 max_rsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 assoc_gid: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0008 num_contexts: 01
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000c context_id : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
000e num_transfer_syntaxes: 01
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 data : 4b324fc8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 data : 1670
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0016 data : 01d3
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
0018 data : 12 78
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
001a data : 5a 47 bf 6e e1 88
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 version: 00000003
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0024 data : 8a885d04
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0028 data : 1ceb
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
002a data : 11c9
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
002c data : 9f e8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
002e data : 08 00 2b 10 48 60
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0034 version: 00000002
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1030)
api_pipe_bind_req: make response. 1030
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe.c:check_bind_req(765)
check_bind_req for \PIPE\srvsvc
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_ba
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0000 max_tsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0002 max_rsize: 10b8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 assoc_gid: 000053f0
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 len: 000d
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
000a str: \PIPE\ntsvcs.
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0018 num_results: 01
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
001c result : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
001e reason : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 data : 8a885d04
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0024 data : 1ceb
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0026 data : 11c9
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
0028 data : 9f e8
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
002a data : 08 00 2b 10 48 60
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0030 version: 00000002
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 0c
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0044
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 3] smbd/pipes.c:reply_pipe_write_and_X(207)
writeX-IPC pnum=7419 nwritten=72
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=47
smb_com=0x2f
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8768
smt_wct=6
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 72 (0x48)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 138 of length 63
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=59
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8832
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]=29721 (0x7419)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 1024 (0x400)
smb_vwv[ 6]= 1024 (0x400)
smb_vwv[ 7]=65535 (0xFFFF)
smb_vwv[ 8]=65535 (0xFFFF)
smb_vwv[ 9]= 1024 (0x400)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBreadX (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7419
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name srvsvc pnum=7419 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=3)
[2005/07/01 02:39:16, 3] smbd/pipes.c:reply_pipe_read_and_X(252)
readX-IPC pnum=7419 min=1024 max=1024 nread=68
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=127
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8832
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 68 (0x44)
smb_vwv[ 6]= 59 (0x3B)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_bcc=68
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 139 of length 144
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=140
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8896
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 56 (0x38)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 84 (0x54)
smb_vwv[11]= 56 (0x38)
smb_vwv[12]= 84 (0x54)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=29721 (0x7419)
smb_bcc=73
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtrans (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=56 params=0 setup=2
[2005/07/01 02:39:16, 5] smbd/ipc.c:reply_trans(560)
calling named_pipe
[2005/07/01 02:39:16, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/07/01 02:39:16, 5] smbd/ipc.c:api_fd_reply(265)
api_fd_reply
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7419
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name srvsvc pnum=7419 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=3)
[2005/07/01 02:39:16, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "srvsvc" (pnum 7419)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0038
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr_req req
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 alloc_hint: 00000020
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0004 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0006 opnum : 0015
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 70
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_pipe_request(1509)
Requested \PIPE\srvsvc
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543)
api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 srv_io_q_net_srv_get_info
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 ptr_srv_name : 0006da7c
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 uni_max_len: 00000006
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0008 offset : 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c uni_str_len: 00000006
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841)
0010 buffer : \.\.P.D.C...
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c switch_value : 00000065
[2005/07/01 02:39:16, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1212)
srv_net_srv_get_info: 1212
[2005/07/01 02:39:16, 5] rpc_parse/parse_srv.c:init_srv_info_101(2809)
init_srv_info_101
[2005/07/01 02:39:16, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(3044)
init_srv_r_net_srv_get_info
[2005/07/01 02:39:16, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1257)
srv_net_srv_get_info: 1257
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 srv_io_r_net_srv_get_info
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0000 switch_value: 00000065
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0004 ptr_srv_ctr : 00000001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0008 platform_id : 000001f4
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c ptr_name : 00000001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 ver_major : 00000004
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0014 ver_minor : 00000009
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0018 srv_type : 00009a0b
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c ptr_comment : 00000001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0020 uni_max_len: 00000004
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0024 offset : 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0028 uni_str_len: 00000004
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841)
002c buffer : P.D.C...
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0034 uni_max_len: 0000001a
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0038 offset : 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
003c uni_str_len: 0000001a
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841)
0040 buffer : P.r.i.m.a.r.y. .D.o.m.a.i.n.
.C.o.n.t.r.o.l.l.e.r...
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_werror(729)
0074 status: WERR_OK
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590)
api_rpcTNP: called srvsvc successfully
[2005/07/01 02:39:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
free_pipe_context: destroying talloc pool of size 180
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 02
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0090
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000001
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000010 smb_io_rpc_hdr_resp resp
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 alloc_hint: 00000078
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0016 cancel_ct : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0017 reserved : 00
[2005/07/01 02:39:16, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..144]
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=200
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=8896
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 144 (0x90)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 144 (0x90)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=145
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 140 of length 45
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=41
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8960
smt_wct=3
smb_vwv[ 0]=29721 (0x7419)
smb_vwv[ 1]=65535 (0xFFFF)
smb_vwv[ 2]=65535 (0xFFFF)
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBclose (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7419
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name srvsvc pnum=7419 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=3)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=3)
[2005/07/01 02:39:16, 5] smbd/pipes.c:reply_pipe_close(272)
reply_pipe_close: pnum:7419
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082)
closed pipe name srvsvc pnum=7419 (pipes_open=2)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=111
smb_mid=8960
smt_wct=0
smb_bcc=0
[2005/07/01 02:39:16, 3] smbd/process.c:process_smb(1114)
Transaction 141 of length 124
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=120
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=9024
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 36 (0x24)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 84 (0x54)
smb_vwv[11]= 36 (0x24)
smb_vwv[12]= 84 (0x54)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=29720 (0x7418)
smb_bcc=53
[2005/07/01 02:39:16, 3] smbd/process.c:switch_message(900)
switch message SMBtrans (pid 21615) conn 0x83a2868
[2005/07/01 02:39:16, 4] smbd/uid.c:change_to_user(217)
change_to_user: Skipping user change - already user
[2005/07/01 02:39:16, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=36 params=0 setup=2
[2005/07/01 02:39:16, 5] smbd/ipc.c:reply_trans(560)
calling named_pipe
[2005/07/01 02:39:16, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/07/01 02:39:16, 5] smbd/ipc.c:api_fd_reply(265)
api_fd_reply
[2005/07/01 02:39:16, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
search for pipe pnum=7418
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7418 (pipes_open=2)
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
pipe name winreg pnum=7412 (pipes_open=2)
[2005/07/01 02:39:16, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7418)
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0024
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000005
[2005/07/01 02:39:16, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
unmarshall_rpc_header: using little-endian RPC
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_rpc_hdr
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0000 major : 05
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0001 minor : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0002 pkt_type : 03
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0003 flags : 23
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0004 pack_type0: 10
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0005 pack_type1: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0006 pack_type2: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0007 pack_type3: 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0008 frag_len : 0020
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
000a auth_len : 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
000c call_id : 00000005
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000010 smb_io_rpc_hdr_resp resp
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
0010 alloc_hint: 00000000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint16(640)
0014 context_id: 0000
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0016 cancel_ct : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint8(580)
0017 reserved : 00
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_debug(82)
000018 smb_io_rpc_hdr_fault fault
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_ntstatus(699)
0018 status : NT code 0x1c010002
[2005/07/01 02:39:16, 5] rpc_parse/parse_prs.c:prs_uint32(669)
001c reserved: 00000000
[2005/07/01 02:39:16, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..32]
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(454)
[2005/07/01 02:39:16, 5] lib/util.c:show_msg(464)
size=88
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1044
smb_uid=111
smb_mid=9024
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 32 (0x20)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 32 (0x20)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=33
